date 2025-05-17 news
Proprietary Holes and Windows TCO
Security Week ☛ Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws
The issues, tracked as CVE-2025-31324 (CVSS score of 10) and CVE-2025-42999 (CVSS score of 9.1), impact NetWeaver’s Visual Composer development server component and can be exploited by remote attackers to execute arbitrary code without authentication.
Windows TCO / Windows Bot Nets
Cyble Inc ☛ LockBit Leak Reveals Ransom Payment Details, Vulnerabilities
On May 7, an unidentified actor compromised LockBit’s infrastructure and defaced the group’s dark web affiliate panels with the message: “Don’t do crime CRIME IS BAD xoxo from Prague.” The attacker also released a complete database—dumped on April 29, based on metadata—which revealed extensive details about LockBit’s Ransomware-as-a-Service (RaaS) operations from December 19 through the date of the data dump.
LockBit was the most active ransomware group until a series of law enforcement actions slowed the group considerably beginning in February 2024, so the leaked database detailing the group’s inner workings is likely to further complicate comeback plans.
Security Week ☛ Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data
In a filing with the Security and Exchanges Commission, Coinbase said criminals made contact May 11 claiming to possess data on “less than one percent” of monthly transacting users along with internal customer-support documentation.
Fortra LLC ☛ Prescription For Disaster: Sensitive Patient Data Leaked in Ascension Breach
In a notification letter sent to affected individuals, the healthcare giant explains that it had learnt in December 2024 that sensitive information related to patients may be in the hands of hackers, and that by January 21 2025 it had confirmed that it was dealing with a serious incident.
