News & Updates

PCI DSS 4.0 Mandates DMARC By 31st March 2025

/
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary
News & Updates

Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

/
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw
News & Updates

Microsoft fixed actively exploited flaw in Power Pages

/
Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks. Microsoft has addressed two critical vulnerabilities, tracked as CVE-2025-21355 (CVSS score: 8.6) and CVE-2025-24989 (CVSS score: 8.2), respectively impacting Bing and Power Pages. CVE-2025-21355 is a missing authentication for critical Function in Microsoft Bing, an unauthorized attacker could exploit the flaw […]
Cybersecurity Tools

8 Essential Steps for DORA Compliance and Effective Reporting

/

In 2024, every major European financial service (FS) firm suffered some kind of security breach. These shocking findings come from a study of cyber incidents in Europe last year. It found that 18% of large FS companies suffered direct breaches (where hackers broke into their systems). The rest were exposed through third- or fourth-party breaches […]

The post 8 Essential Steps for DORA Compliance and Effective Reporting appeared first on Heimdal Security Blog.

News & Updates

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

/
A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.
“The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation,” the AhnLab SEcurity Intelligence Center (ASEC)
News & Updates

Microsoft’s End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now

/
For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks
News & Updates

Citrix addressed NetScaler console privilege escalation flaw

/
Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. The vulnerability is an improper privilege management that could allow attackers to escalate privileges […]
Scroll to Top