Aggregator
CVE-2025-31359 | Parallels Desktop 20.2.2 (55879) on macOS PVMP Package Unpacking path traversal (TALOS-2025-2160 / EUVD-2025-16718)
CVE-2024-54189 | Parallels Desktop 20.1.1 on macOS Snapshot unix hard link (TALOS-2024-2124 / EUVD-2024-54642)
CVE-2024-52561 | Parallels Desktop 20.1.1 on macOS Snapshot incorrect ownership assignment (TALOS-2024-2123 / EUVD-2024-54641)
CVE-2024-36486 | Parallels Desktop 20.1.1 on macOS Virtual Machine Archive Restoration prl_vmarchiver unix hard link (TALOS-2024-2126 / EUVD-2024-54643)
Honoring Innovation, Growth, and Collaboration: The Akamai Partner Awards
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-21479 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
- CVE-2025-21480 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
- CVE-2025-27038 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on June 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-153-01 Schneider Electric Wiser Home Automation
- ICSA-25-153-02 Schneider Electric EcoStruxure Power Build Rapsody
- ICSA-25-153-03 Mitsubishi Electric MELSEC iQ-F Series
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
New NIST Standard Helps Deliver the Right Dosage of Cancer-Fighting Drugs
Posture ≠ Protection
CSPM, DSPM, ASPM, SSPM, ESPM — the alphabet soup of Security Posture Management (SPM) tools promises visibility into risk. They map misconfigurations, surface exposure paths and highlight policy gaps. That can be useful. But let’s not confuse awareness with action.
They don’t block threats.
They don’t enforce controls.
They don’t prevent breaches.
SPMs detect, then delegate. A ticket. A Slack alert. An integration call. Protection is someone else’s problem.
To compensate, many posture tools claim to orchestrate security. They integrate with enforcement tools like DLP, CWPP, EDR and WAF. But wiring systems together doesn’t make the system secure.
Coordination ≠ Protection
Visibility ≠ Control
Monitoring ≠ Security
So why is there an abundance of SPM vendors?
Because posture is easier.
- Easier to build. Cloud-only, read-only, event-driven. No need to support endpoints, on-prem, hybrid or inline enforcement. Just scan, analyze, alert.
- Easier to sell. No rip-and-replace. Posture tools bolt onto the existing stack rather than replacing it. That also means customers end up managing yet another vendor, another dashboard, another integration.
- Easier to adopt. No agents, low friction, fast time-to-value. Good enough to show progress, but not strong enough to stop attacks.
Yes, posture matters. But let’s not mistake issue tracking for actual security.
Security requires action — not just awareness.
False confidence, real consequences
There’s an illusion of progress that posture tools can create. Dashboards look active. Tickets are assigned. Metrics suggest movement. But beneath that layer of perceived control, many organizations remain dangerously exposed.
Visibility alone isn’t moving the needle—security teams are still drowning in noise while real risks slip through. That's the difference between knowing something's wrong and doing something about it.
It’s why so many breaches still happen in environments that were “monitored.” The problem wasn’t a lack of alerts, it was the inability to respond in time.
And the results? Stolen IP. Leaked customer records. Compliance violations. Brand damage. Leadership churn.
The stakes aren’t theoretical. And yet too many teams are trapped in a cycle of detection without defense.
It’s time to rethink what protection means
The right approach isn’t a patchwork of posture tools and point integrations. It’s a unified system — deep within a specific domain — that doesn’t just highlight problems but solves them in real time.
Whether you’re focused on data, identities or assets, true security means:
- Continuous classification of what’s sensitive: Modern DLP starts by building a living inventory of sensitive data — constantly discovering and labeling information across SaaS apps, endpoints, on-premise file shares and emails. It ensures you always know what you're protecting, even as your data changes and moves.
- Real-time monitoring of how it’s accessed and shared: Visibility into who’s touching your data, when, and how allows security teams to identify risky behavior instantly — not after the fact. This creates accountability and supports both proactive defense and forensic insight.
- Contextual enforcement that prevents misuse: It’s not enough to just watch. Real-time protection at the endpoint means applying intelligent controls based on business context — blocking or coaching users when behavior looks risky, not just flagging it.
- Automated remediation that closes the loop: When policies are violated, MIND acts. From revoking access and deleting shared links to educating users in near real time, the loop is closed automatically — without requiring tickets, escalations or delays.
This isn’t a wishlist. This is what modern DLP — done right — can and should deliver.
Enter MIND: Posture & Prevention
That’s what MIND was built to do.
MIND combines the context-aware insights of DSPM (posture) with the automated enforcement of modern DLP (prevention).
We help security teams move beyond alert fatigue to actual control. Beyond passive monitoring to meaningful action. Beyond fractured tools to full-spectrum protection.
Our AI-powered classification engine understands your data in context—whether it’s source code, contracts, financial records, credentials, passwords, or PII. And it enforces your policies wherever data lives: SaaS and Gen AI apps, endpoints, on-premise file shares, emails and beyond.
We don’t just surface issues. We solve them.
We don’t just map risks. We mitigate them.
We don’t just warn you. We stop the leaks.
Security leaders are overburdened, not underinformed. With limited resources, increasing complexity and high expectations, they need solutions that deliver results, not just more dashboards.
Stop scanning. Start securing.
Mind What Matters.
The post Posture ≠ Protection appeared first on Security Boulevard.
CVE-2005-4053 | coWiki 0.3.4 26.html cross site scripting (EDB-30515 / BID-25393)
Beware of Fake Booking.com Sites That Infects Your Devices With AsyncRAT
Cybercriminals have launched a sophisticated campaign targeting travelers through fake Booking.com websites that deploy AsyncRAT malware, according to recent security research. The threat actors redirect users from gaming sites, social media platforms, and sponsored advertisements to convincing replica booking sites designed to compromise visitor devices. This attack capitalizes on the fact that 40% of people […]
The post Beware of Fake Booking.com Sites That Infects Your Devices With AsyncRAT appeared first on Cyber Security News.
The tsar is dead, long live choice: Windows finally does what you want
CVE-2011-0104 | Microsoft Excel 2002/2003 memory corruption (EDB-35573 / Nessus ID 53374)
Report says the adoption and growth of AI are “unprecedented”
Photos: Infosecurity Europe 2025
Infosecurity Europe 2025 is a cybersecurity event taking place from June 3 to 5 in London. Help Net Security is on-site and here’s a closer look at the conference. The featured vendors are: Okta, PlexTrac, ISC2, Insight, EasyDMARC, Defense.com, Tines, Darktrace, Torq, and Cyrebro.
The post Photos: Infosecurity Europe 2025 appeared first on Help Net Security.
Only after 15 years did WhatsApp come up with what Telegram already has
CVE-2004-1962 | Protector System 1.15b1 Filters index.php sql injection (EDB-24047 / XFDB-15969)
Malicious NPM Packages Attacking Ethereum Wallets Using Obfuscated JavaScript
A sophisticated cryptocurrency theft campaign has emerged on the npm package registry, targeting developers and cryptocurrency users through malicious packages designed to drain Ethereum and Binance Smart Chain wallets. The attack leverages heavily obfuscated JavaScript code to steal up to 85% of victims’ cryptocurrency holdings, demonstrating an evolving threat landscape where software supply chain attacks […]
The post Malicious NPM Packages Attacking Ethereum Wallets Using Obfuscated JavaScript appeared first on Cyber Security News.
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
In healthcare, every minute of downtime isn’t just a technical problem — it’s a patient safety risk.
CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular ransomware gang.
While technical details of the Kettering attack remain scarce, Interlock’s recent history — and the emergence of browser-based attack chains like ClickFix — should put every CISO on high alert. In fact, HHS released a sector-level alert on ClickFix, due to the severity of the attack and how focused attackers were in targeting healthcare organizations. Again, though it is not yet confirmed that this specific exploit was used at Kettering, Interlock has been linked to ClickFix attacks elsewhere.
While Kettering continues to focus on incident response, for those watching across the industry, what’s clear is the growing role of browser-based attacks in ransomware campaigns, and how, in healthcare environments, these kinds of attacks can be life-threatening.
Healthcare Remains a Top Target
Ransomware actors continue to prioritize healthcare organizations as targets because of the high value placed on continuity of care. Timely access to records, imaging, and communication systems is essential for delivering treatment — so when those systems are disrupted, the operational impact is immediate.
Healthcare organizations are uniquely vulnerable to ransomware for several reasons:
- Dispersed and unmanaged endpoints: Clinicians often use shared workstations, personal laptops, and mobile devices, increasing attack surface.
- High uptime requirements: Any downtime can delay surgeries, diagnostics, or emergency care — forcing quick, sometimes quiet, ransom payments.
- Regulatory pressure: Standards and requirements like HIPAA and HITRUST turn data breaches and outages into costly, reportable incidents.
- High ROI for attackers: Medical data and patient information continue to be the most valuable information sold on the dark web.
The stakes are high: In 2024, 67% of healthcare organizations reported a ransomware attack, and research shows that patient care delays increase measurably during major incidents.
Recent examples of healthcare organizations disrupted because of a cyberattack include:
- Change Healthcare (2024): Payment processor attack rippled across the U.S., delaying claims and payments for weeks.
- CommonSpirit Health (2022): 600,000+ patient records exposed, care delayed, millions in costs.
- Universal Health Services (2020): 250 facilities offline, staff forced to revert to paper, patient care disrupted.
As more clinical and operational workflows move into SaaS apps and browser-delivered interfaces, the browser itself is becoming more relevant to healthcare security.
Understanding ClickFix and Browser-Based Tactics
ClickFix is a technique that relies on seemingly legitimate browser interactions — like fake CAPTCHAs or pop-up prompts — to trick users into activating malicious scripts. What makes this approach difficult to detect is that it relies heavily on the browser for clipboard manipulation, with no file download to trigger traditional file-based alerts or network signatures.
Here’s how a ClickFix attack could unfold in a healthcare organization:
- A healthcare worker visits a compromised website or clicks a phishing link.
- A fake browser prompt appears (e.g., “Please complete this CAPTCHA to continue”).
- The user is tricked into copying and running a script (often a PowerShell command), which silently installs malware — sometimes without any download or obvious warning.
SquareX first detailed this technique in 2024 to illustrate a broader challenge: many endpoint and network tools lack visibility into what happens in the browser — including browser extensions, clipboard activity, and in-browser scripting.
Why Traditional Security Tools Miss Browser Attacks
Most healthcare organizations rely on a familiar stack: Secure Web Gateways (SWG), Endpoint Detection & Response (EDR), and Data Loss Prevention (DLP). But these tools were not designed for the complexity of modern browsers.
What they miss:
- DOM-level changes (malicious form injections or script manipulations)
- Malicious browser extensions (often installed by non-technical staff)
- Clipboard hijacking (stealing credentials or session tokens)
- Client-side file and data reassembly (a malicious file is broken into parts to avoid detection and, after all pieces are downloaded, reassembled into a full payload)
- WASM-based payloads (running near-native code inside the browser)
Meanwhile, many clinical workflows — from EHRs to claims portals — now run in the browser. In fact, a 2024 survey of the healthcare technology market showed healthcare SaaS expecting to grow nearly 20% by 2028.
This is where Browser Detection & Response (BDR) can complement existing investments — by providing client-side visibility into user behavior and web application interactions that traditional controls can’t see.
Practical Next Steps for Healthcare Security Teams
This is a good moment to reassess browser-layer visibility and controls. Here are some actions that security teams can take today:
- Audit browser extension policies and usage, especially for unmanaged or personal devices accessing hospital systems.
- Review recent phishing incidents for browser-based interaction patterns — such as prompts, redirects, or spoofed logins.
- Test your existing tools against modern client-side attack scenarios. Tools like SquareX’s Web Security Posture Assessment offer a free analysis of your current risk based on real-world threats.
- Explore BDR solutions that can provide visibility into browser events, prevent data leakage, and enrich threat investigations — without disrupting clinical workflows.
The Kettering Health ransomware incident is yet another reminder of how persistent and creative today’s adversaries have become. While we don’t yet know exactly how the breach occurred, the involvement of a group known to use browser-based techniques raises thoughtful questions for defenders.
Rather than respond with alarm, this is an opportunity to ask:
Do we have the visibility we need at the browser layer?
Are we prepared to detect and respond to client-side threats that bypass legacy controls?
If your answer is no, that’s okay. Modernizing browser security doesn’t require a full overhaul — you may just need to layer in the right visibility where today’s users and workflows operate. Learn more in this Browser Detection and Response white paper.
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence appeared first on Security Boulevard.