Ionut Arghire

Romania

Security News Reporter at SecurityWeek

News Reporter

Featured in: Favicon

securityweek.com Favicon

softpedia.com Favicon

thestkittsnevisobserver.com Favicon

news.softpedia.com

Articles

Cy4Data Labs Raises $10 Million to Secure Data in Use

6 days ago | securityweek.com | Ionut Arghire

California-based data protection startup Cy4Data Labs on Thursday announced raising $10 million in a Series A funding round led by Pelion Venture Partners. This is the first investment round for the company. Cy4Data Labs has built a solution that can protect data across on-premises, cloud, and SaaS environments, even when in use, by keeping it always encrypted, using NIST-approved standards.
Ahold Delhaize Confirms Data Stolen in Ransomware Attack

6 days ago | securityweek.com | Ionut Arghire

Dutch food giant Ahold Delhaize on Thursday announced that data was stolen from its systems during a November 2024 cyberattack. The incident occurred in early November, impacting Giant Food pharmacies and Hannaford supermarkets and knocking Hannaford’s ecommerce portal offline. The Ahold Delhaize-owned stores, however, remained open.
Fresh Windows NTLM Vulnerability Exploited in Attacks

6 days ago | securityweek.com | Ionut Arghire

The exploitation of a Windows NTLM vulnerability started roughly a week after patches were released last month, Check Point warns. Tracked as CVE-2025-24054 (CVSS score of 6.5) and resolved on March 2025 Patch Tuesday, the medium-severity flaw could allow NTLM hash disclosure, enabling attackers to perform spoofing attacks over a network. According to Microsoft’s advisory, successful exploitation of the bug requires minimal interaction from the user.
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects

1 week ago | securityweek.com | Ionut Arghire

A Maryland man admitted in court to obtaining remote IT work at US companies on behalf of individuals located in China. As part of the scheme, the man, Minh Phuong Ngoc Vong, 40, of Bowie, defrauded 13 US companies that hired him as a remote software developer, by allowing others to use company-provided assets to do the IT work and receive payment for it.
Vulnerabilities Patched in Atlassian, Cisco Products

1 week ago | securityweek.com | Ionut Arghire

Atlassian and Cisco this week announced patches for multiple high-severity vulnerabilities in their products, including flaws leading to remote code execution. Atlassian released seven updates that address four high-severity flaws impacting third-party dependencies in Bamboo, Confluence, and Jira, including some that were publicly disclosed nearly six years ago.
Chinese APT Mustang Panda Updates, Expands Arsenal

1 week ago | securityweek.com | Ionut Arghire

The Chinese espionage-focused APT tracked as Mustang Panda has used an updated backdoor and several new tools in a recent attack, cybersecurity firm Zscaler reports. Active for over a decade, the state-sponsored hacking group, also tracked as Basin, Bronze President, Earth Preta, and Red Delta, is known for targeting government and military entities, as well as NGOs and minority groups, mainly in East Asia, but also in Europe.
MITRE Hackers' Backdoor Has Targeted Windows for Years

1 week ago | securityweek.com | Ionut Arghire

Newly identified versions of the BrickStorm backdoor used in the MITRE hack in early 2024 are targeting Windows environments, cybersecurity firm Nviso warns. To hack MITRE, a Chinese APT tracked as UNC5221 exploited two zero-day vulnerabilities in an Ivanti Connect Secure VPN as early as December 31, 2023, following up with fingerprinting in January 4, 2024, and lateral movement and malware deployment in the next few days.
Enhanced Version of 'BPFDoor' Linux Backdoor Seen in the Wild

1 week ago | securityweek.com | Ionut Arghire

Recently identified iterations of the BPFDoor Linux backdoor rely on a controller to open a reverse shell and control additional hosts on the network, Trend Micro reports. Initially detailed in 2021, BPFDoor is a backdoor attributed to a Chinese state-sponsored threat actor tracked as Red Menshen and Earth Bluecrow, and which focuses on detection evasion, allowing attackers to maintain long-term access to infected networks.
Critical Vulnerability Found in Apache Roller Blog Server

1 week ago | securityweek.com | Ionut Arghire

A critical vulnerability in Apache Roller could allow attackers to abuse previous sessions to maintain persistent access even after password changes. An open source, Java-based blog server, Roller includes a content management system, multi-user support with three permission levels, integrated search, and support for templates and themes.
Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities

1 week ago | securityweek.com | Ionut Arghire

Google and Mozilla on Tuesday announced security updates for Chrome 135 and Firefox 137 that address potentially exploitable critical- and high-severity vulnerabilities. Chrome versions 135.0.7049.95/.96 for Windows and macOS and version 135.0.7049.95 for Linux were rolled out with fixes for two memory safety vulnerabilities reported by external researchers. The first, tracked as CVE-2025-3619, is described as a critical-severity heap buffer overflow issue in Codecs.