Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2Â with many new features gradually rolling out, and some new bug fixes for everyone. The KB5055627 update is part of the company’s optional non-security preview updates schedule, which pushes updates at the end of each month to let Windows admins test bug fixes, improvements, and features that […]
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The vulnerabilities were discovered by Orange Cyberdefense’s CSIRT, which was called in to investigate a compromised server. As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS […]
British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. The multinational retailer operates over 1,400 stores, employs 64,000 employees globally, and sells various products, including clothing, food, and home goods. M&S, which reported revenues of ÂŁ13 billion for FY24, is listed on the London […]
African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. MTN Group (formerly M-Cell) is Africa’s largest mobile network operator, with a strong Asian market presence. The company has nearly 300 million subscribers across 20 countries and an annual revenue surpassing $11 […]
A recent Windows security update that creates an âinetpubâ folder has introduced a new weakness allowing attackers to prevent the installation of future updates. After people installed this month’s Microsoft Patch Tuesday security updates, Windows users suddenly found an “inetpub” folder owned by the SYSTEM account created in the root of the system drive, normally the C: drive. It […]
âBaltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. Established in 1829, the public school district provides primary and secondary education to 76,841 enrolled students through 164 schools and programs. “On February 13, 2025, Baltimore City […]
SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE-2025-31324 and rated critical (CVSS v3 score: 10.0), is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer, specifically the Metadata Uploader component. It allows attackers to upload malicious executable […]
The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. In October, the FBI and CISA confirmed that the Chinese state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and many other telecom companies […]
Microsoft says it will soon fix a known issue causing CPU spikes when typing messages in recent versions of its classic Outlook email client. Redmond confirmed this bug last week after a wave of user reports on various online platforms since early November, including Microsoft’s community website, with those affected saying that disabling all spell-check options and add-ins […]
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contact targets through WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that […]
