Max Severity Bug in Apache Roller Enabled Persistent Access

The remediated flaw gave adversaries a way to maintain access to the app through password resets.

Apr. 16, 2025 Signup

Daily Edition

Today’s news and insights for cybersecurity professionals

- Today's News and Features -

TOP STORY

Max Severity Bug in Apache Roller Enabled Persistent Access‎‎ The remediated flaw gave adversaries a way to maintain access to the app through password resets.‎‎ Keep Reading →

AI-Powered Presentation Tool Leveraged in Phishing Attacks‎‎ Researchers at Abnormal Security said threat actors are using a legitimate presentation and graphic design tool named "Gamma" in phishing attacks.‎‎

China-Backed Threat Actor 'UNC5174' Using Open Source Tools in Stealthy Attacks‎‎ Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar.‎‎

Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats‎‎ Russia-backed APT29's latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages — errr, victims — and delivers a novel backdoor, GrapeLoader.‎‎

Hertz Falls Victim to Cleo Zero-Day Attacks‎ Customer data such as birth dates, credit card numbers, and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file-transfer products.‎

With AI's Help, Bad Bots Are Taking Over the Web‎‎ Bad bots are becoming increasingly difficult to detect as they more easily mimic human behaviors and utilize evasion techniques, researchers say.‎‎

THE EDGE

Accounting Firms Can't Skimp on Cybersecurity‎ Cybercriminals capitalize on tax preparation stress, technology sprawl, and lax communications. Accounting teams can't afford to treat cybersecurity as an afterthought.‎

SPONSORED ARTICLE

Malware in Their Midst: The Rising Threats Inside Collaboration Apps‎‎ Phishing remains a preferred method of breaching Microsoft 365, but cybercriminals are getting creative with Teams attacks.‎‎

Read More →

- Commentary -

Opinions from thought leaders around the cybersecurity industry

Are We Prioritizing the Wrong Security Metrics?‎‎ True security isn't about meeting deadlines — it's about mitigating risk in a way that aligns with business objectives while protecting against real-world threats.‎‎

7 RSAC 2025 Cloud Security Sessions You Don't Want to Miss‎‎ Some of the brightest minds in the industry will discuss how to strengthen cloud security.‎‎

More Commentary →

- Upcoming Events -

Apr 16, 2025 VPNs, RMMs, and Beyond: How Are Attackers Adapting?

Apr 17, 2025 Identifying Third-Party Risk Using Threat Intelligence

Aug 2, 2025 [Conference] Black Hat USA - August 2-7 - Learn More

More Events →

- More Resources -

WHITE PAPER State of AI in Cybersecurity: Beyond the Hype

WHITE PAPER The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures

WHITE PAPER Secure remote access. Simplified.

REPORT Effective Asset Management Is Critical to Enterprise Cybersecurity

More Resources →

- Elsewhere in Cyber Today -

CYBERSECURITY DIVE

Attackers Exploit Zero-Day Flaw in Gladinet CentreStack File-Sharing Platform

ELECTRONIC FRONTIER FOUNDATION

Privacy on the Map: How States Are Fighting Location Surveillance

TECHTARGET SEARCH SECURITY

How to Conduct Ransomware Awareness Training for Employees

- Do You Find Today’s Newsletter Helpful? -

Yes Not sure No

You received this message because you are subscribed to Dark Reading's Daily newsletter. If a friend forwarded you this message, sign up here to get it in your inbox. Thoughts about this newsletter? Give us feedback.

Advertise With Us | Privacy Policy | Unsubscribe Copyright © 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US