IT Security Newsletter

IT Security Newsletter - 4/17/2025

Written by Cadre | Thu, Apr 17, 2025

Ahold Delhaize confirms data theft after INC ransomware claims attack

Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. "Based on our investigation to date, certain files were taken from some of our internal U.S. business systems," a spokesperson confirmed to BleepingComputer. "Since the incident was detected, our teams have been working diligently to determine what information may have been affected."

Hi, robot: Half of all internet traffic now automated

If you sometimes feel that the internet isn't the same vibrant place it used to be, you're not alone. New research suggests that most of the traffic traversing the network isn't human at all. Bots (software programs that interact with web sites) have been ubiquitous for years. But in its 2025 Bad Bot Report, application security company Imperva claimed this is the first time traffic from bots became more prevalent than human traffic.

Vulnerabilities Patched in Atlassian, Cisco Products

Atlassian and Cisco this week announced patches for multiple high-severity vulnerabilities in their products, including flaws leading to remote code execution. Atlassian released seven updates that address four high-severity flaws impacting third-party dependencies in Bamboo, Confluence, and Jira, including some that were publicly disclosed nearly six years ago. A denial-of-service (DoS) issue in Netplex Json-smart that could be exploited without authentication was resolved.

Patch Now: NVIDIA Flaws Expose AI Models, Critical Infrastructure

Researchers are urging enterprises that rely on NVIDIA GPUs for their artificial intelligence (AI) workloads to ensure that systems are patched against critical security vulnerabilities in an NVIDIA toolkit for running GPU-accelerated containers. If exploited, the bugs can allow attackers to gain access to sensitive data, steal proprietary AI models, or create operational disruptions.

Brit soldiers tune radio waves to fry drone swarms for pennies

British soldiers have successfully taken down drones with a radio-wave weapon. The demonstrator weapon, a type of Radiofrequency Directed Energy Weapon (RF DEW), uses high-frequency radio waves to disrupt the electronic components inside drones, resulting in the devices malfunctioning. "RF DEW systems can defeat airborne targets at ranges of up to 1 km and are effective against threats which cannot be jammed using electronic warfare," the Ministry of Defence (MOD) said.

Whistleblower describes DOGE IT dept rampage at America's labor watchdog

Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the cost-trimming DOGE's activities at the employment watchdog - which the staffer claims included being granted superuser status in contravention of standard operating procedures, exfiltrating data, and seemingly leaking credentials to someone with a Russian IP address.

CISA tags SonicWall VPN flaw as actively exploited in attacks

On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. Tracked as CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices. Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks.

MITRE Hackers' Backdoor Has Targeted Windows for Years

Newly identified versions of the BrickStorm backdoor used in the MITRE hack in early 2024 are targeting Windows environments, cybersecurity firm Nviso warns. To hack MITRE, a Chinese APT tracked as UNC5221 exploited two zero-day vulnerabilities in an Ivanti Connect Secure VPN as early as December 31, 2023, following up with fingerprinting on January 4, 2024, and lateral movement and malware deployment in the next few days.

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. "Active exploitation in the wild has been observed since March 19, 2025, potentially allowing attackers to leak NTLM hashes or user passwords and compromise systems," Check Point researchers have shared.

  • ...in 1907, Ellis Island processes 11,747 new immigrants, more than any other day in its 62-year history.
  • ...in 1937, Daffy Duck makes his film debut in the Porky Pig short "Porky's Duck Hunt."
  • ...in 1959, actor Sean Bean ("Goldeneye", "The Fellowship of the Ring") is born in Yorkshire, England.
  • ...in 1970, Apollo 13 returns safely to Earth after emergency in-flight repairs force an early end to its mission.