Actively Exploited SAP NetWeaver Visual Composer Vulnerability Enables Remote Code Execution (CVE-2025-31324)

The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures. SAP NetWeaver serves as a robust technology platform …

Cyber criminals claim to have private information of 20 million people who signed up to Co-op’s membership

Cyber criminals have told BBC News their hack against Co-op is far more serious than the company previously admitted. Hackers contacted the BBC with proof they had infiltrated IT networks and stolen huge amounts of customer and employee data. After …

Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape

In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. An attacker could create an exploit to escape the App Sandbox without user interaction …

AI Agents are here. So are the threats.

Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. As AI agents are becoming more widely adopted in real-world applications, understanding their security …

Email Attacks Drive Record Cybercrime Losses in 2024

The FBI’s Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report. And it has revealed a record-breaking surge in cybercrime losses across the United States. Last year, total losses reached $16.6 billion, which is a 33% increase …

Apple notifies new victims of spyware attacks across the world

Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed …

Phishing Domains Associated with LabHost PhaaS Platform Users

The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. Prior to being disabled by law enforcement in April 2024, LabHost was …