Help Net Security

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)

A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain unauthorized access to the vulnerable application.

Inconsistent Security Strategies Fuel Third-Party Threats

About 47% of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network, according to Imprivata and the Ponemon Institute.

BadDNS: Open-source tool checks for subdomain takeovers

BadDNS is an open-source Python tool used to check for domain and subdomain takeovers. By examining client-side resources and security headers, it can uncover risks that could lead to malicious code being injected if a trusted domain is compromised.

"Scam Yourself" Attacks Show How Social Engineering is Evolving

Experts have warned of “Scam Yourself” attacks, an advanced form of social engineering targeting users’ routines and trust, and exploiting psychological biases to trick individuals into triggering malicious actions.

Fortinet Fixes FortiOS Zero-Day Exploited by Attackers for Months

Fortinet says attackers exploiting the zero-day in the wild are creating randomly generated admin or local users on compromised devices and adding them to existing SSL VPN user groups or to new groups that they also create.

Attackers are encrypting AWS S3 data without using ransomware

A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used.

Report: Only 26% of Europe’s Top Companies Earn a High Rating for Cybersecurity

With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, according to SecurityScorecard.

When Risky Cybersecurity Behavior Becomes a Habit Among Employees

While the majority of employees avoid risky behaviors, a small subset makes them a habit, posing a significant cybersecurity challenge, according to a report by Mimecast.

Ukrainian Hacker Gets Prison for Infostealer Operations

Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to court documents, he conspired to operate the Raccoon Infostealer as a malware-as-a-service (MaaS).

Are Threat Feeds Masking Your Biggest Security Blind Spot?

Threat feeds struggle to address critical threats like zero-day vulnerabilities, social engineering, and exploits requiring real-time intervention, while also facing challenges in maintaining accurate, up-to-date threat blacklists.
