Zeljka Zorz

New Microsoft accounts will be “passwordless by default”
Microsoft is making new Microsoft accounts passwordless by default, the company has announced on Thursday, which marked this year’s World Password Day. “As part of …

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities
Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise …

Property renters targeted in simple BEC scam
Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam …

44% of the zero-days exploited in 2024 were in enterprise solutions
In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of …

CISA warns about actively exploited Broadcom, Commvault vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault …

Marks & Spencer cyber incident linked to ransomware group
The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources …

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file …

Threat actors are scanning your environment, even if you’re not
In a world where organizations’ digital footprint is constantly changing and attackers regularly capitalize on security failings in exposed IT assets, making the effort to …

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). …

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise …

Understanding 2024 cyber attack trends
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights …

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs
MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and …
Featured news
Resources
Don't miss
- Hackers love events. Why aren’t more CISOs paying attention?
- Before scaling GenAI, map your LLM usage and risk zones
- SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles
- Why banks’ tech-first approach leaves governance gaps
- MDEAutomator: Open-source endpoint management, incident response in MDE