Latest Intelligence
Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks
Intel, AMD, and Arm issued security advisories during the recent Patch Tuesday in response to newly disclosed CPU attacks. This highlights ongoing vulnerabilities in CPU architecture that could pose significant security risks to users and organizations.
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
A new phishing threat named 'Meta Mirage' has emerged, targeting businesses using Meta's Business Suite to hijack high-value accounts, particularly those managing advertising and brand pages. Cybersecurity researchers at CTM360 have identified this campaign as a significant risk, as attackers impersonate official Meta communications to deceive users.
Congress Should Tackle Cyber Threats, Not Competition
The article criticizes certain members of Congress for prioritizing publicity over effective measures to enhance America's cybersecurity. It emphasizes the need for a more focused approach to address cyber threats rather than engaging in competitive politics.
Orca Security Gets AI-Powered Remediation From Opus Deal
Orca Security has acquired Opus to enhance its Cloud Native Application Protection Platform (CNAPP) by integrating autonomous vulnerability remediation and prevention technologies. This acquisition signifies a strategic move to bolster Orca's capabilities in addressing security vulnerabilities more effectively.
Kosovar Administrator of Cybercrime Marketplace Extradited to US
Liridon Masurica, a Kosovo citizen, has been extradited to the United States to face charges related to his involvement in the cybercrime marketplace BlackDB.cc. This case highlights the ongoing international efforts to combat cybercrime and the legal actions being taken against individuals operating in this illicit space.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added CVE-2025-32756, a stack-based buffer overflow vulnerability affecting multiple Fortinet products, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This highlights the ongoing risk such vulnerabilities pose to federal networks and emphasizes the importance of timely remediation efforts across all organizations.
EU Cybersecurity Agency ENISA Launches European Vulnerability Database
The European Vulnerability Database (EUVD) has been launched by the EU Cybersecurity Agency ENISA, which is expected to be a valuable resource for cybersecurity experts. However, its effectiveness will depend on ENISA's ability to maintain and update the database properly.
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
Earth Ammit, a cyber espionage group, has conducted two campaigns, VENOM and TIDRONE, targeting various sectors in Taiwan and South Korea, including military and healthcare. The significance lies in the breach of drone supply chains, indicating a sophisticated level of cyber threat impacting critical industries.
Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
The article highlights a concerning rise in cyberattacks, particularly against critical infrastructure and cloud enterprises, with a reported 18% year-over-year increase in breaches. This trend underscores the importance of offensive security training for security teams to better defend against these evolving threats.
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
A new phishing campaign delivering the Horabot malware has been identified, targeting Windows users in six Latin American countries through deceptive emails that mimic invoices. This malware poses a significant threat as it can steal sensitive information from victims who open the malicious attachments.
Vulnerabilities Patched by Juniper, VMware and Zoom
Juniper Networks, VMware, and Zoom have released patches addressing numerous vulnerabilities in their products. This action is significant as it helps mitigate potential security risks associated with these vulnerabilities.
Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances
Fortinet has addressed a critical vulnerability that was actively exploited against its FortiVoice appliances. The patching of this zero-day flaw is significant as it helps protect users from potential attacks in the wild.
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
Microsoft has addressed 78 security vulnerabilities in its software, including five zero-day flaws that are currently being exploited. The critical nature of these vulnerabilities, particularly the remote code execution risks, underscores the importance of timely updates for users.
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers
Ivanti has issued patches for two critical vulnerabilities in its EPMM software that have been actively exploited for remote code execution. The significance of these vulnerabilities lies in their potential to compromise customer systems, highlighting the importance of timely updates to security software.
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact
Siemens, Schneider Electric, and Phoenix Contact released security advisories for the May 2025 Patch Tuesday, addressing vulnerabilities in their industrial control systems. The significance of these advisories lies in the potential risks posed to critical infrastructure and the importance of timely updates to maintain security.