On April 29, 2025, SonicWall announced that two previously disclosed vulnerabilities in its SMA 100 Series appliances are being actively exploited. They urge customers to update to the latest secure firmware to avoid compromise. First identified in December 2023, CVE-2023-44221 has now been confirmed as under active exploitation. The vulnerability—assigned …

Commvault confirmed that a sophisticated cyberattack exploiting a zero-day vulnerability breached its Azure cloud environment earlier this week. On February 20, 2025, Microsoft notified Commvault of unauthorized activity in its Azure cloud environment. Commvault announced its immediate response, activating incident protocols and involving leading cybersecurity experts and law enforcement. The …

Indian Pimpri Chinchwad police’s cyber cell is looking into a complaint where a hacker demanded $80,000 (over Rs 68 lakh) from a biopharmaceutical company in Hinjewadi to release encrypted data he had stolen. A senior employee contacted the police on Monday following a threatening email received on April 27. A …

This week, Apple notified several individuals it believes were targeted by government spyware, according to two of those individuals. As of Wednesday, only two people have reported receiving notifications from Apple this week. Ciro Pellegrino, an Italian journalist for Fanpage, reported receiving an email and text from Apple on Tuesday …

Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database with 520,054 records from an event ticket resale platform and reported it to vpnMentor. The unprotected public database had 520,054 records totaling 200 GB. It was labeled as containing customer inventory files in PDF, JPG, PNG, and JSON formats. A review of …

Banglalink, the country’s leading digital operator, has launched bCloud, its very own cloud service brand aimed at delivering world-class cloud solutions to its valued enterprise business clientele. The launch is in partnership with Pico Public Cloud, an affiliated company of Fiber@Home, the nation’s largest transmission network provider. The launching ceremony …

Security vulnerabilities in Apple’s AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including remote code execution. Oligo Security researchers found flaws that can be exploited in zero-click and one-click remote code execution (RCE) attacks, man-in-the-middle (MITM) attacks, denial of service (DoS) attacks, and …

A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a significant rise in attempts to access sensitive Git configuration files. On April 20 and 21, GreyNoise recorded over 4,800 unique IPs targeting these files, marking a record high and indicating …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation. The vulnerabilities in question are listed below: CVE-2025-1976 (CVSS score: 8.6): A code …

Google’s Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related to spyware attacks. The number of zero-day vulnerabilities is down from 97 in 2023 but up from 63 in 2022. GTIG analysts note that this year-to-year fluctuation reflects an overall …