Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders. Masimo Corporation is a California-based medical technology and consumer electronics maker. It's best known for its noninvasive patient monitoring products like pulse oximeters, brain function monitors, hemodynamic monitoring systems, capnography and gas monitoring solutions, and remote patient monitoring platforms. READ MORE...
Meta on Tuesday boasted about winning the lawsuit against NSO Group, after a jury ordered the Israeli spyware maker to pay more than $167 million for the hacking of WhatsApp users. The lawsuit against NSO was filed in 2019, after it came to light that a zero-day vulnerability had been exploited to deliver NSO-made spyware to roughly 1,400 WhatsApp users. The jury verdict comes after in December 2024 a judge ruled that NSO Group is liable for the hacking of WhatsApp users. READ MORE...
Certain versions of Commvault Command Center remain open to attack via a recently disclosed maximum severity vulnerability, even in supposedly patched builds of the software. Attackers are actively exploiting CVE-2025-34028, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its catalog. The server-side request forgery (SSRF) vulnerability allows an unauthenticated remote attacker to execute code of their choice on affected systems. READ MORE...
Multiple ransomware groups appear to have exploited a recently patched Windows vulnerability as a zero-day, Symantec reported. The vulnerability in question is tracked as CVE-2025-29824 and it was patched by Microsoft with its April 2025 Patch Tuesday updates. The flaw impacts the Windows Common Log File System (CLFS) and it can be exploited by an attacker to escalate privileges. Microsoft revealed that it had been exploited by cybercriminals in attacks aimed at a "small number of targets." READ MORE...
?Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. Such platforms are often marketed as legitimate testing tools on the dark web and hacking forums, but are mainly used to disrupt online services, servers, and websites by flooding them with traffic in distributed denial-of-service (DDoS) attack. READ MORE...
The FBI has issued a warning about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees in order to scam people. Between December 2023 and February 2025, the FBI received over 100 reports of scams involving people posing as IC3 employees. These scammers contact their victims using various methods, including email, phone calls, social media, and online forums. READ MORE...
CISA added two older SonicWall bugs to the Known Exploited Vulnerabilities (KEV) catalog, marking the latest threat activity targeting the network security vendor's products. The vulnerabilities are tracked as CVE-2023-44221 and CVE-2024-38475 and affect SonicWall's SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v secure remote access products. They can be exploited remotely to inject OS commands and map URLs to file system locations. READ MORE...
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. The vulnerability is tracked as CVE-2025-3248 and is a critical unauthenticated RCE flaw that allows any attacker on the internet to take full control of vulnerable Langflow servers by exploiting an API endpoint flaw. READ MORE...