CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation. The list of flaws is as follows: CVE-2014-3931 (CVSS score: 9.8) A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory …

eSentire Threat Response Unit confirms that email accounts are heavily targeted. The report states that identity-driven threats rose 156% from 2023 to 2025, now making up 59% of threat cases in Q1 2025. This increase is fueled by Cybercrime-as-a-Service, particularly Phishing-as-a-Service, which attackers can access for as little as $200 …

IBM X-Force has analyzed Microsoft Azure Arc, revealing how this hybrid-cloud management tool can pose risks for code execution, privilege escalation, and stealthy persistence. This study began when IBM’s red team found a hardcoded Azure Service Principal secret in a PowerShell script, prompting a closer look at Azure Arc’s operations …