Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Samsung MagicINFO
Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)

An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being …

M&S, Coop, Harrods
UK retailers under cyber attack: Co-op member data compromised

UK-based retailers Marks & Spencer, Co-op, and Harrods have been targeted by cyber attackers in the last few weeks. Whether the attacks have been mounted by the same …

SonicWall
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed …

New Microsoft accounts will be “passwordless by default”

Microsoft is making new Microsoft accounts passwordless by default, the company has announced on Thursday, which marked this year’s World Password Day. “As part of …

Apple
Airplay-enabled devices open to attack via “AirBorne” vulnerabilities

Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise …

scam alert
Property renters targeted in simple BEC scam

Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam …

0-day exploits
44% of the zero-days exploited in 2024 were in enterprise solutions

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of …

CISA
CISA warns about actively exploited Broadcom, Commvault vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault …

Marks & Spencer
Marks & Spencer cyber incident linked to ransomware group

The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources …

SAP
Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)

CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file …

Outpost24
Threat actors are scanning your environment, even if you’re not

In a world where organizations’ digital footprint is constantly changing and attackers regularly capitalize on security failings in exposed IT assets, making the effort to …

Rack
Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)

Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools