Latest Intelligence
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
Chinese threat actors have exploited recently patched vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, allow for arbitrary code execution, posing significant risks to affected systems.
Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People
Marlboro-Chesterfield Pathology has experienced a data breach due to an attack by the SafePay ransomware group, affecting the personal information of approximately 235,000 individuals. This incident highlights the ongoing risks posed by ransomware attacks in the healthcare sector.
Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)
Commvault is facing cyber threat activity targeting its Metallic SaaS solution hosted in Microsoft Azure, potentially allowing unauthorized access to customer M365 environments. CISA warns this may be part of a larger campaign against SaaS applications with default configurations and elevated permissions, urging users to implement security measures.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a new vulnerability, CVE-2025-4632, related to Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This highlights ongoing risks to federal networks and emphasizes the need for timely remediation by organizations to protect against cyber threats.
CISA Releases Two Industrial Control Systems Advisories
CISA has released two advisories addressing security vulnerabilities in Industrial Control Systems (ICS), specifically focusing on the Lantronix Device Installer and Rockwell Automation FactoryTalk Historian ThingWorx. These advisories highlight the importance of staying informed about current security issues and implementing necessary mitigations to protect ICS environments.
Rockwell Automation FactoryTalk Historian ThingWorx
The article discusses a critical vulnerability in Rockwell Automation's FactoryTalk Historian ThingWorx: improper restriction of XML external entity references allows XML External Entity (XXE) attacks. The vulnerability, rated 9.3 on the CVSS v4 scale, affects versions v4.02.00 and prior, and could lead to significant security risks if exploited.
Lantronix Device Installer
The Lantronix Device Installer software has a vulnerability that allows for XML External Entity (XXE) attacks, potentially enabling attackers to access sensitive information and modify network device configurations. This vulnerability, identified as CVE-2025-4338, is significant as it affects systems that are no longer supported, leaving users at risk without updates or security enhancements.
New Best Practices Guide for Securing AI Data Released
CISA, in collaboration with the NSA and FBI, has released a Cybersecurity Information Sheet focusing on best practices for securing data used in AI systems. The guide emphasizes the importance of data security to maintain the accuracy and trustworthiness of AI outcomes and encourages organizations to adopt robust protection measures.
Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program
Organizations must now demonstrate the reasonableness of their cybersecurity programs to meet legal standards and avoid accountability issues. This shift emphasizes the need for structured and compliant cybersecurity practices rather than reliance on vague frameworks or intentions.
Marks & Spencer Expects Ransomware Attack to Cost $400 Million
Marks & Spencer has announced that the recent ransomware attack is expected to cost the company $400 million, with disruptions anticipated to continue through July. This incident highlights the significant financial and operational impact of cyberattacks on major retailers.
Identity Security Has an Automation Problem—And It's Bigger Than You Think
The article highlights a significant issue in identity security, revealing that most organizations still rely heavily on human intervention rather than automated systems for core identity workflows. With fewer than 4% of security teams fully automating these processes, the potential for errors and security breaches remains high, emphasizing the need for greater automation in identity security.
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
Researchers have identified critical vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform that could allow attackers to gain control over affected instances. These vulnerabilities remain unpatched despite being disclosed responsibly on February 13, 2025, raising significant security concerns.
Security Theater or Real Defense? The KPIs That Tell the Truth
The article emphasizes that effective cybersecurity goes beyond mere data collection; it is essential to demonstrate that security measures are genuinely effective. It highlights the significance of key performance indicators (KPIs) in evaluating the real impact of cybersecurity defenses.
Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough
The article highlights that despite significant investments in cybersecurity, organizations continue to face challenges from advanced malware and deepfake attacks due to difficulties in verifying digital identities and establishing trust. This ongoing struggle underscores the inadequacy of financial spending alone in mitigating cyber threats.
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities
Cisco has released 10 security advisories addressing over a dozen vulnerabilities, including two critical flaws in its Identity Services Engine (ISE) and Unified Intelligence Center. These vulnerabilities pose significant risks, potentially allowing denial-of-service attacks and privilege escalation.