SAP zero-day vulnerability under widespread active exploitation
Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.
Advertisement
Cybercrime
Verizon’s Alex Pinto on the takeaways from the 2025 DBIR
Alex Pinto, Associate Director of Threat Intelligence at Verizon Business
Attackers hit security device defects hard in 2024
Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network…
10 key numbers from the 2024 FBI IC3 report
The yearly report from the bureau is filled with stats. We pulled out the most interesting ones.
Verizon discovers spike in ransomware and exploited vulnerabilities
Verizon’s 2025 Data Breach Investigations Report noted a 37% increase in ransomware attacks and a 34% increase in exploited vulnerabilities.
Advertisement
Attackers stick with effective intrusion points, valid credentials and exploits
Infostealers fueled the staying power of identity-based attacks, increasing 84% on a weekly average last year, according to IBM X-Force.
Will Pearce on the ever-changing field of offensive AI security
Will Pearce, CEO and Co-founder of Dreadnode
Chinese espionage group leans on open-source tools to mask intrusions
Sysdig researchers say UNC5174’s use of open-source tools like VShell and WebSockets has likely helped the group mask its presence in other campaigns.
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.
Microsoft patches zero-day actively exploited in string of ransomware attacks
Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.
Advertisement