Topic: security hardening
-
Bitdefender Launches Standalone PHASR for Proactive Endpoint Security
Bitdefender has launched GravityZone PHASR as a standalone solution, enabling businesses to add advanced pre-emptive protection to their existing security systems without replacing them. PHASR merges behavior-based security hardening with live threat intelligence to proactively block ransomware a...
-
Urgent: Notepad++ Users, Check for Hacks Now
Notepad++'s update infrastructure was compromised for six months by sophisticated hackers linked to the Chinese state, who delivered malicious updates to targeted users. The attackers exploited insufficient update verification in older software versions, maintaining persistent access to redirect ...
-
F5 Source Code Stolen by Nation-State Hackers in Data Breach
F5 experienced a security breach by a nation-state actor who stole BIG-IP source code and vulnerability data, potentially enabling the creation of new exploits. The company has contained the incident, implemented security enhancements, and found no evidence of critical vulnerabilities or customer...
-
Proxmox Mail Gateway 9.0: Open-Source Email Security Released
Proxmox Mail Gateway 9.0 is an open-source email security solution that protects against threats like spam, phishing, and malware by filtering emails before they reach internal servers. The platform is built on Debian 13 and Linux kernel 6.14, featuring updated security tools such as ClamAV 1.4.3...
-
Urgent: 50,000 Cisco Firewalls at Risk From Active Attacks
Attackers are actively exploiting critical vulnerabilities CVE-2025-20333 and CVE-2025-20362 in around 50,000 Cisco ASA and FTD devices, enabling unauthorized remote code execution and access without authentication. Over 48,800 internet-facing devices remain unpatched, primarily in the U.S., with...
-
SonicWall Cloud Backup Users Hit by Major Data Breach
A data breach at SonicWall exposed all customers' firewall configuration files stored on the MySonicWall cloud service, initially thought to affect fewer users but later confirmed as widespread. The stolen files contain encrypted credentials and configuration data, increasing the risk of targeted...
-
Microsoft Unveils LiteBox: Open-Source, Security-First OS Library
Microsoft has introduced LiteBox, an open-source library operating system built in Rust to create a secure, isolated layer for executing security-sensitive tasks. The project leverages hardware virtualization to protect a guest kernel, ensuring core security functions remain intact even if the ma...
-
Salesforce Reveals Gainsight Breach Details and Investigation Steps
Salesforce disclosed a security incident involving Gainsight applications, with unauthorized access likely starting on November 8 and suspicious activity detected from mid-November using IPs from VPNs, Tor, and AWS. Indicators of compromise include specific IP addresses and a suspicious User Agen...
-
Major Firewall Vendors Hit in Coordinated Cyberattack
A coordinated cyberattack is targeting Cisco, Palo Alto Networks, and Fortinet devices, with all exploitation campaigns originating from identical subnets, indicating a unified threat actor. The attacks began in early September, exploiting zero-day vulnerabilities in Cisco devices and causing a 5...
-
Urgent Redis Update Fixes Critical RCE Vulnerability
A critical use-after-free vulnerability (CVE-2025-49844) in Redis's Lua scripting allows authenticated attackers to execute arbitrary code on the host server, affecting versions 8.2.1 and earlier. The flaw is exacerbated by default configurations in Redis container images that disable authenticat...
-
Notepad++ Updates Channel After Security Breach
Notepad++ has released a critical security update (version 8.9.2) to fix vulnerabilities in its update mechanism that were exploited to deliver malware, and users are urged to update immediately. The attack exploited unsigned update files and a lack of installer verification, allowing hackers to ...
-
SonicWall Cloud Backup Users: Firewall Configs at Risk
SonicWall confirmed a security breach where attackers accessed encrypted firewall configuration backup files for all customers using its cloud backup service, potentially increasing future cyber-attack risks. The intrusion, detected in early September 2025, involved brute-force methods to collect...
-
SonicWall Firewall Backups Compromised by Attackers
SonicWall confirmed that attackers used brute-force methods to access its cloud backup API, compromising configuration backup files for all customers who used the service, contradicting earlier statements about a limited impact. The compromised files contain sensitive data like network settings, ...