The Cybersecurity and Infrastructure Security Agency (CISA) has updated 59 entries in its Known Exploited Vulnerabilities (KEV) catalog to indicate that these vulnerabilities are being actively exploited in ransomware attacks. This update raises concerns among security experts because it implies that organizations may be unaware that their systems are vulnerable to these specific attacks. The vulnerabilities affect a range of products, and the updates were made without much public awareness, which could leave many companies at risk. It's crucial for organizations to review these updates and apply necessary patches to protect against potential ransomware threats. This situation stresses the need for better communication regarding vulnerability management in the cybersecurity community.
Articles tagged "Update"
SCM feed for Latest
The Cybersecurity and Infrastructure Security Agency (CISA) has been updating software vulnerabilities related to ransomware without notifying cybersecurity defenders, as pointed out by Glenn Thorpe of GreyNoise. This lack of transparency could lead to missed ransomware intrusions, as defenders may not be aware of the vulnerabilities that have been patched. The updates affected numerous software vulnerabilities last year, raising concerns about the potential risks for organizations relying on these systems. The situation emphasizes the need for better communication between CISA and cybersecurity professionals to ensure that all parties are informed about critical updates that could impact security posture.
The Global Threat Map is an open-source initiative designed to provide security teams with real-time visibility of cyber incidents worldwide. It aggregates various open data feeds into an interactive map that displays key indicators like malware spread, phishing attempts, and attack traffic based on geographic location. Unlike traditional threat maps, which are often produced by security vendors, this project relies on community contributions to maintain and update the data. This platform is particularly valuable for organizations looking to enhance their situational awareness and respond to emerging threats more effectively. By utilizing open-source data, it fosters collaboration among security professionals and helps them stay informed about the latest cyber activities that could impact their operations.
Infosecurity Magazine
A serious SQL injection vulnerability has been identified in the Quiz and Survey Master plugin, affecting approximately 40,000 WordPress sites. This flaw allows attackers to manipulate the database and potentially access sensitive information. Users of the affected plugin need to take immediate action to secure their sites to prevent unauthorized access and data breaches. Website owners are urged to update the plugin to the latest version as soon as possible to mitigate these risks. The discovery of this vulnerability serves as a reminder for all WordPress site administrators to regularly monitor and update their plugins to ensure their sites remain secure.
Infosecurity Magazine
Researchers have identified a new ransomware-as-a-service (RaaS) variant known as 'Vect'. This operation stands out due to its custom malware, which poses a significant threat to organizations. The Vect RaaS allows attackers to easily deploy ransomware attacks, potentially affecting a wide range of victims, from small businesses to larger enterprises. The introduction of this variant raises concerns about the increasing sophistication of ransomware operations, making it crucial for companies to bolster their cybersecurity measures. Users are advised to stay vigilant and regularly update their security protocols to defend against such evolving threats.
Hackers have successfully compromised an update server belonging to MicroWorld Technologies, the company behind eScan Antivirus. This breach allowed attackers to inject malicious files into updates that were sent to eScan customers, effectively turning the antivirus software into a delivery mechanism for malware. Users who updated their eScan software during this incident may have inadvertently installed harmful files on their systems. This incident raises significant concerns about the security of software supply chains, highlighting how even trusted software can be weaponized. Users are advised to remain vigilant and consider checking their systems for any signs of compromise.
SmarterTools has released patches for two vulnerabilities in its SmarterMail email software, one of which is classified as critical. This flaw, identified as CVE-2026-24423, has a CVSS score of 9.3 and could allow attackers to execute arbitrary code on systems running affected versions of SmarterMail. Users of SmarterMail versions prior to build 9511 are particularly at risk. It's crucial for organizations using this software to update immediately to protect against potential exploitation. The existence of such a high-severity vulnerability underscores the importance of regular software updates and vigilance in cybersecurity practices.
On January 20, Kaspersky detected malware associated with a supply chain attack targeting eScan antivirus software. This incident suggests that attackers compromised the update mechanism of eScan, potentially allowing them to distribute malicious updates to users. Companies using eScan antivirus are at risk, as the malware could lead to unauthorized access or data breaches. Users of the software should be vigilant and consider immediate actions to protect their systems. Kaspersky has provided indicators of compromise and mitigation strategies for affected users to follow in order to secure their environments.
BleepingComputer
MicroWorld Technologies, the company behind the eScan antivirus software, has confirmed that one of its update servers was compromised. This breach allowed attackers to distribute a malicious update to a small number of eScan users earlier this month. The unauthorized update was later analyzed and flagged as harmful, raising concerns about the security of users' systems. Although the number of affected customers is limited, the incident underscores the risks associated with software updates and the potential for malicious actors to exploit vulnerabilities in update mechanisms. Users of eScan should remain vigilant and ensure their software is updated from legitimate sources to avoid such threats.
Infosecurity Magazine
A recent update for OpenSSL has addressed 12 vulnerabilities, some of which have been present in the code for several years. These flaws potentially affect a wide range of applications and systems that rely on OpenSSL for secure communications. Users of affected software should update to the latest version as soon as possible to protect against potential exploitation. The vulnerabilities could allow attackers to compromise the integrity and confidentiality of data transmitted over secure channels. This situation emphasizes the need for regular updates and vigilance in maintaining software security.
A defect in WinRAR, a popular file compression tool, has been exploited by cybercriminals and nation-state groups for the past six months. This vulnerability is particularly concerning as it has been used to target sensitive sectors, including military, government, and technology organizations, primarily for espionage purposes. As attackers take advantage of this flaw, affected organizations risk data breaches and unauthorized access to sensitive information. Users of WinRAR are strongly urged to update their software to the latest version to mitigate these risks. The ongoing exploitation of this defect illustrates the persistent threat posed by both cybercriminals and state-sponsored actors in today's digital landscape.
SCM feed for Latest
A recent survey conducted by Permiso Security shows that many organizations are rapidly adopting AI agents and automated systems that access sensitive data, but they are struggling to keep track of these non-human identities. This lack of visibility could lead to significant security risks, as companies may not be aware of how these systems interact with their data or the potential vulnerabilities involved. The survey indicates that while the use of automation and AI is increasing, the security measures needed to monitor and protect these identities are not keeping pace. As more businesses integrate these technologies, it becomes crucial for them to enhance their security protocols to prevent potential data breaches or misuse of sensitive information.
The Hacker News
This week, cybersecurity experts noted a series of vulnerabilities and security incidents that demonstrate how attackers are exploiting both old and new methods to breach systems. Flaws in firewalls and browser-based traps are particularly concerning, as they reveal weaknesses in tools that users often trust. These security lapses suggest that a software issue having been patched does not mean it is safe. The ongoing evolution of malware, including AI-generated variants, presents a significant challenge for companies trying to defend against increasingly sophisticated threats. Organizations need to stay vigilant and update their defenses regularly to protect against these emerging risks.
Amazon Web Services (AWS) has released an updated compliance report for its Payment Cryptography service, confirming that it meets Payment Card Industry Personal Identification Number (PCI PIN) standards. This update follows a thorough audit by a Qualified Security Assessor (QSA). The compliance package is now available on AWS's compliance portal and includes an Attestation of Compliance (AOC) as well as additional documentation. This is significant for businesses using AWS Payment Cryptography, as it assures them that the service adheres to stringent security measures for handling payment data. Ensuring compliance not only helps protect sensitive information but also builds trust with customers who rely on secure payment processing.
A new ransomware strain called Osiris was identified in a November 2025 attack targeting a significant food service franchise in Southeast Asia. Researchers from Symantec and Carbon Black reported that the attackers used a malicious driver known as POORTRY through a technique called Bring Your Own Vulnerable Driver (BYOVD) to disable security tools. This method allowed the ransomware to operate without detection, posing a serious risk to the affected organization. With ransomware attacks on the rise, this incident highlights the need for companies to strengthen their defenses against evolving tactics. The incident serves as a reminder for businesses to continuously update their security measures and remain vigilant against such threats.