

US CISA extends MITRE CVE, CWE programs with last-minute contract extension, prevents shutdown
In an eleventh-hour move, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ensured that the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs did not lapse. The move will ensure that the MITRE Corporation will continue operating the CVE program for at least another 11 months after federal cybersecurity officials confirmed that they temporarily…

Nissan Leaf Hacked for Remote Spying, Physical Takeover; Vulnerabilities found
vulnerabilities affecting the Nissan Leaf electric vehicle Researchers have demonstrated that a series of vulnerabilities affecting the Nissan Leaf electric vehicle can be exploited to remotely hack the car, including for spying and the physical takeover of various functions. The research was conducted by PCAutomotive, a company that offers penetration testing and threat intelligence services…

UnitedHealth asks Healthcare providers for hack loan repayments
UnitedHealth Group is demanding that healthcare providers repay the loans they received from the company after a cyberattack at its tech unit Change Healthcare last year, according to two providers on Friday. The largest U.S. health insurance company loaned out $9 billion to providers who had been struggling after the massive ransomware attack in February…

SonicWall Patches Multi Vulnerabilities in NetExtender VPN Client
SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks. SonicWall outlined three distinct vulnerabilities affecting NetExtender for Windows versions 10.3.1 and earlier: CVE-2025-23008 — Improper Privilege Management (CVSS 7.2) This high-severity flaw allows a low-privileged attacker…

Shuckworm’s Sophisticated Cyber Campaign Targets Ukraine Military Mission
Shuckworm’s cyber campaign focus on Ukraine has continued into 2025, targeting the military mission of a Western country based in the Eastern European nation. This first activity in this campaign occurred in February 2025, and it continued into March. The initial infection vector used by the attackers appears to have been an infected removable drive….

56% of Cyberattacks Bypass Security With Legitimate Logins – Report
Newly released 2025 Sophos Active Adversary Report revealed,50 % cyberattacks in 2024 bypassed traditional security defenses by using legitimate login credentials. The report, which analysed over 400 cases of Managed Detection and Response (MDR) and Incident Response (IR), revealed that 56 percent of cyberattacks were executed by adversaries simply logging in rather than breaking in….

Synechron Launches Cybersecurity AI Accelerators, Strengthening Enterprise Security
Synechron CyberAI Synechron today announced the launch of Synechron CyberAI accelerators program. This suite of four AI-driven solutions enhances enterprise security, streamlines compliance, and reduces risk exposure through automation and intelligence. Synechron’s 14th accelerator program includes: * RiskControl.AI: Automates IT risk management, offering real-time control assessments and compliance insights * AppSec.AI: Provides a unified view of security…

NETSCOUT REPORTS DDOS ATTACKS TARGETING CRITICAL INFRASTRUCTURE PLAY A DOMINANT ROLE IN GEOPOLITICAL CONFLICTS
DDoS attacks are precision-guided digital weapons as DDoS-for-hire services, AI and powerful botnets drive onslaught of attacks Threat Intelligence Report, revealing how Distributed Denial of Service (DDoS) attacks have become a dominant means of waging cyberwarfare linked to sociopolitical events such as elections, civil protests, and policy disputes. The findings show how attackers exploit moments…

New Crocodilus Malware steals Android users’ crypto wallet keys
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. Although Crocodilus is a new banking malware, it features fully developed capabilities to take control of the device, harvest data, and remote control. Researchers at fraud prevention company…

CyberSecurity Compliance Deadline Increased by SEBI
Sebi has extended the deadline for regulated entities to adopt a cybersecurity framework to June 2025, citing requests for more time. The framework aims to enhance cyber resilience. The decision follows feedback from stakeholders requesting more time to adapt to the Industry Standards, which outline the minimum information required for review by audit committees and…