Topic: security alerts
-
Cyber-Attacks Hit Three French Regional Healthcare Agencies
A coordinated cybersecurity breach compromised personal data of patients in multiple French regions, though medical records remained secure. Attackers used stolen credentials to impersonate healthcare professionals and access systems via regional e-health platforms. Authorities are taking action ...
Read More » -
Astra's Offensive-Grade Scanner Cuts Noise, Proves Risk
Traditional quarterly cloud security scans are insufficient for rapidly changing environments, leading to undetected critical misconfigurations that are a primary cause of breaches. A new scanner addresses this by using an offensive-grade validation engine to actively test and confirm exploitable...
Read More » -
Capita Hit With £14m Fine Over 6.6 Million Data Breach
Capita has been fined £14 million by the UK's Information Commissioner's Office for a data breach that exposed the personal information of approximately 6.6 million individuals, with the penalty reduced from an initial £45 million due to the company's cooperation and security improvements. The br...
Read More » -
Hackers Actively Exploit Critical BeyondTrust RCE Flaw
A critical command injection vulnerability (CVE-2026-1731) in BeyondTrust's remote access software is being actively exploited, allowing unauthenticated attackers to run arbitrary commands on unpatched systems. Threat intelligence confirms widespread scanning and exploitation, with attackers abus...
Read More » -
Microsoft Empowers Security Teams with AI Investigations
Microsoft has launched **Purview Data Security Investigations**, a new AI-powered tool that dramatically speeds up complex data investigations, turning processes that took weeks into operations completed in hours. The platform aggregates and analyzes data from across Microsoft 365 (including emai...
Read More » -
Beware Fake Password Manager Breach Alerts Hijacking PCs
A phishing campaign is targeting LastPass and Bitwarden users with fraudulent emails that falsely claim security breaches, urging them to download a malicious desktop application. The malicious software installs a remote access tool called Syncro, which attackers use to deploy ScreenConnect for u...
Read More » -
Clop Hackers Stole Data Using Oracle Zero-Day Since August
The Clop ransomware group exploited a critical zero-day vulnerability (CVE-2025-61882) in Oracle's E-Business Suite, enabling remote code execution and leading to widespread data theft and extortion attempts. Security researchers and analysts confirmed the vulnerability allows unauthenticated att...
Read More » -
Urgent: WatchGuard Firewalls Targeted by Critical Attack (CVE-2025-14733)
Over 115,000 WatchGuard Firebox firewalls are actively being targeted via a critical, unauthenticated remote code execution flaw (CVE-2025-14733) in the Fireware OS's IKED process. The U.S. CISA has mandated patching due to active exploitation, requiring an immediate upgrade to specific fixed Fir...
Read More » -
Apple Patches Critical Zero-Day Flaw Actively Exploited in Attacks
Apple has patched a critical zero-day vulnerability (CVE-2026-20700) in its dyld component, which was exploited in a sophisticated, targeted attack against older iOS versions. The updates also fix two related WebKit vulnerabilities, all discovered and reported by Google's Threat Analysis Group, t...
Read More » -
Urgent SolarWinds Web Help Desk Patch Fixes Critical RCE Flaws
SolarWinds has urgently patched multiple critical vulnerabilities in its Web Help Desk software, strongly advising all customers to immediately upgrade to version 2026.1 to mitigate risks like remote code execution. The critical flaws, discovered by external researchers, include authentication by...
Read More » -
Exploit in Default Cursor Setting Runs Malicious Code on Dev Machines
A security flaw in Cursor AI code editor allows attackers to execute malicious code silently due to the Workspace Trust feature being disabled by default. Exploitation can lead to credential theft, file manipulation, and data exfiltration, especially risky given developers' elevated system privil...
Read More » -
Critical RCE Flaw in Western Digital My Cloud NAS (CVE-2025-30247)
Western Digital has released a critical firmware update (version 5.31.108) to fix a severe remote code execution vulnerability (CVE-2025-30247) in multiple My Cloud NAS models, urging immediate installation to prevent unauthorized access and system takeover. The vulnerability is an OS command inj...
Read More » -
Critical SmarterMail Flaw Actively Exploited by Ransomware Gangs
A critical SmarterMail vulnerability (CVE-2026-24423) is being actively exploited, allowing unauthenticated attackers to execute remote code via a flawed API endpoint. The flaw affects all SmarterMail versions before build 100.0.9511, prompting urgent federal patching mandates and warnings for al...
Read More »