Category: Cybersecurity News
-
Jenkins Issues Security Advisory for Patched Vulnerabilities
The Jenkins project has issued a new security advisory detailing multiple vulnerabilities affecting recent versions of Jenkins core. The issues include a high-severity denial-of-service (DoS) vulnerability affecting instances configured to use HTTP/2, as well as several medium-severity flaws related to permission checks and log handling. The most critical issue, tracked as CVE-2025-5115, involves a vulnerability
-
SonicWall Confirms Cloud Backup File Incident Affecting Limited Firewall Install Base
SonicWall has confirmed a security incident involving its MySonicWall cloud backup service, after detecting a series of brute-force attacks that successfully accessed configuration files for a subset of customer firewalls. According to the disclosure, the incident impacts fewer than 5% of SonicWall firewall customers. The affected files, referred to as firewall preference files, were stored
-
Cybersecurity Firm Blocks Massive DDoS Attack from Millions of Hijacked Devices
Qrator Labs, a cybersecurity company, has successfully defended against what appears to be the largest botnet-driven DDoS attack recorded this year, involving 5.76 million compromised devices targeting government infrastructure. Security researchers first identified this particular botnet earlier in the year with over 1 million infected devices, growing to nearly six million compromised systems by early
-
New Phishing Service Bypasses Common Two-Factor Authentication
Security researchers at Okta have uncovered a previously unknown phishing-as-a-service operation called VoidProxy that represents a significant escalation in cybercriminal capabilities targeting business email and cloud accounts. Unlike traditional phishing attacks that simply steal passwords, VoidProxy uses real-time “adversary-in-the-middle” techniques that can bypass common two-factor authentication methods including SMS codes and authenticator apps. The service
-
Fitness Communication Platform Database Left Unprotected
A data security incident has affected Hello Gym, a communication platform serving fitness centers across North America. The breach involved an exposed database containing 1.6 million audio recordings and sensitive customer and employee information. According to a report from Website Planet, the discovered database held five years’ worth of phone calls and voicemails spanning from
-
Researchers Find Cross-Platform Malware Targeting Sensitive Data and Crypto Wallets
Cybersecurity researchers at Mosyle, a device management and security provider, have discovered a new and highly stealthy malware strain, according to a report first shared with 9to5Mac. Called ModStealer, it has been evading detection by all major antivirus tools for nearly a month. This discovery is particularly alarming for users on macOS, Linux and Windows
-
Critical Security Update Released for Adobe Commerce
Recently, a significant security flaw was identified in Adobe Commerce involving the Commerce REST API (CVE-2025-54236). This vulnerability could potentially allow attackers to take over customer accounts. While there are no reports of active exploitation at this time, it’s crucial to apply the hotfix to prevent any risks. The vulnerability affects how API requests are
-
Malicious Facebook Ads Distribute Fake “Meta Verified” Browser Extensions
A recent report by security researchers at Bitdefender details a malicious campaign spreading through Facebook ads that promote fake “Meta Verified” browser extensions. The campaign targets Facebook users, especially content creators and small businesses, by offering tools that claim to unlock verification features, but in reality are designed to steal account credentials and session data.
