Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...
Malicious code in synapseml-utils (PyPI)
Source: kam193 4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3 Installing the package starts encrypting the user's file and demanding ransom for the decryption. Category: MALICIOUS - The campaign has clearly malicious...
IT threat evolution in Q3 2025. Non-mobile statistics
Quarterly figures. In Q3 2025: Kaspersky solutions blocked more than 389 million attacks that originated with various online resources. Web Anti-Virus responded to 52 million unique links. File...
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this...
Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach
Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July...
A week in security (February 10 – February 16)
Last week on Malwarebytes Labs: A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03); Apple ordered to grant access to users’ encrypted data; Phishing evolves beyond email to become latest Android app threat; Apple fixes zero-day vulnerability used in "extremely...
PT-2025-6278
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.16; FortiProxy versions 7.0.0 through 7.0.19; FortiProxy versions 7.2.0 through 7.2.12. Description: A critical authentication bypass issue exists in FortiOS and FortiProxy, potentially allowing a remote,...
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...
Exploit for Deserialization of Untrusted Data in Veeam Veeam_Backup_&_Replication
CVE-2024-40711-poc CVE-2024-40711 is a serious vulnerability...
Why is the cost of cyber insurance rising?
I just bought an electric car last week, so I've been shopping for new car insurance policies that could offer me a discount for ditching gas. We're all familiar with the boring process of entering the same information 10 times over into 10 different companies' websites trying to see who comes out t...
Pre-ransomware notifications are paying off right from the bat
CISA (Cybersecurity and Infrastructure Security Agency) has published the first results of its pre-ransomware notifications that were introduced at the start of 2023. Even though this initiative is relatively young, CISA says it has notified over 60 entities across the energy, healthcare,...
How an incident response retainer can drive proactive security
We've written before about the importance of taking a proactive approach to cybersecurity. Whether it be threat hunting, an active defense posture or just improving security instrumentation alerts and logs an organization keeps, it's best for every user -- no matter the size -- to be prepared for...
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
BEQ BillQuick Web Suite SQL injection vulnerability
BEQ BillQuick Web Suite is a time and billing system from BEQ USA. BQE BillQuick Web Suite 2018 through 2021 suffers from a SQL injection vulnerability that can be used for unauthenticated remote code execution, such as that exploited in the...