(Credit: monticellllo – stock.adobe.com)

(Credit: monticellllo – stock.adobe.com)

GitLab fixes critical SSO bypass vulnerabilities in update

Shaun NicholsMarch 14, 2025

The signature verification for the SSO system could be bypassed by using a specially crafted XML input.

RESOURCES

PODCASTS

Vulnerability Management
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland… – SWN #459
Government Regulations
AI Is Oversharing and Leaking Data – Sounil Yu – PSW #865
Leadership
CISO vs. CIO, as CISOs Are Opting for Consulting Gigs and Cyber Pros Look for Change – BSW #386
Supply chain
The Counterfeit Problem: How Blockchain Is Revolutionizing Brand Protection – Noam Krasniansky – BSW #386
Vulnerability Management
Brains, kill switch, parking fees, CobaltStrike, Minja, Allstate, GitHub, Josh Marpet – SWN #458

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

(Credit: MCGORIE – stock.adobe.com)

Application security

Microsoft restores VS Code theme flagged as malicious: We messed up

Laura FrenchMarch 14, 2025

The theme had millions of installations before it was removed in late February.

AI Artificial Intelligence technology for data analysis, research, planning, and work generate. Man uses a laptop and AI assistant dashboard. Technology smart robot AI agents and agentic workflows.

OpenAI’s Operator AI agent can be used in phishing attacks, say researchers

Steve ZurierMarch 14, 2025

Researchers prove how attackers can use the added functionality in AI agents to launch phishing attacks.

New Lockbit-linked ransomware group targets Fortinet vulnerabilities

Laura FrenchMarch 13, 2025

The “SuperBlack” ransomware leverages the LockBit 3.0 builder with a custom encryption tool.

System warning error popup and maintenance showing. Operation system boot-up failure. Cybersecurity technology, system warning on hacked alerts.

Vulnerability Management

‘ClickFix’ campaign targets hospitality firms with phishing attacks

Shaun NicholsMarch 13, 2025

A novel twist on social engineering attacks is causing havoc for hospitality providers

Researchers use jailbreak to build functional malware via DeepSeek

Steve ZurierMarch 13, 2025

Tenable researchers jailbreak DeepSeek to build a keylogger and ransomware.

Doctors using digital tablet together in hospital

Healthcare cybersecurity set for AI boom in 2025

Shaun NicholsMarch 12, 2025

According to a CRA survey, 50% of healthcare organizations are already using AI tools in their cybersecurity practices.

Application security

Android spyware ‘KoSpy’ spread by suspected North Korean APT

Laura FrenchMarch 12, 2025

Malicious apps previously in the Google Play Store enabled theft of messages, files and more.

Application security

XCSSET macOS malware variant targets Xcode projects of app developers

Steve ZurierMarch 12, 2025

XCSSET variant features enhanced stealth features that can lead to the exfiltration of sensitive financial information.

EVENTS