April 2025
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
SAP's latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.…
Claims assistance firm fined for cold-calling people who put themselves on opt-out list
Third-party data supplier also in hot water with Brit regulator over consent issues
Britain's data privacy watchdog has slapped a fine of £90k ($120k) on a business that targeted people with intrusive marketing phone calls, despite them being registered with the official "Do Not Call" opt-out service.…
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing sites in multiple languages more efficiently.…
Microsoft mystery folder fix might need a fix of its own
This one weird trick can stop Windows updates dead in their tracks
Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows…
Assassin’s Creed maker faces GDPR complaint for forcing single-player gamers online
Collecting data from solo players is a Far Cry from being necessary, says noyb
For anyone who's ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard you, and they've filed a complaint against Ubisoft…
M&S takes systems offline as ‘cyber incident’ lingers
Customers told to expect further delays as contactless payments still down
UK high street retailer Marks & Spencer says contactless payments are still down following its "cyber incident" and order delays are likely to continue.…
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Cybercriminals are targeting software shops, accountants, lawyers
The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.…
Booby-trapped Alpine Quest Android app geolocates Russian soldiers
Back of the nyet!
Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.…
We’re calling it now: Agentic AI will win RSAC buzzword Bingo
All aboard the hype train
The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don't believe us? Take a lap on the expo floor, and you'll be bombarded with enough acronyms and over-the-top claims to…
Who needs phishing when your login’s already in the wild?
Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in…