Cybercrime
-
Critical SAP NetWeaver Vulnerability Targeted by Ransomware and APT Groups
Ransomware and Chinese APT groups are exploiting a critical vulnerability in SAP’s NetWeaver, identified as CVE-2025-31324, which has a CVSS score of 10, enabling attackers to execute remote code without authentication.
-
Nova Scotia Power Confirms Data Breach Affecting Customer Information
Nova Scotia Power has confirmed a significant data breach impacting customer information, with the utility offering credit monitoring services to affected individuals.
-
Russian Hackers Exploit Old Vulnerabilities to Target Global Mail Servers
Security firm ESET reports that hackers, likely linked to the Russian government, have exploited long-standing cross-site scripting vulnerabilities to breach multiple high-value mail servers globally, with significant implications for defense contractors in Eastern Europe.
-
Cybersecurity Experts Uncover New PowerShell Attack Leveraging Remcos RAT
Qualys Threat Research Unit reveals a new cyberattack method leveraging PowerShell to deploy Remcos RAT on systems, allowing hackers to operate undetected and carry out unauthorized surveillance and data theft.
-
Google Enhances Chrome Security by Blocking Admin-Level Launches
Google’s new feature for Chrome will block the browser from launching with administrative rights, enhancing security similar to measures already implemented in Microsoft Edge. This change aims to reduce the risk of malware executing with elevated permissions and compromising user systems.
-
Hacking Group ‘Scattered Spider’ Shifts Focus to U.S. Retailers Following UK Breaches
Google has identified a hacking group known as ‘Scattered Spider’ that is now targeting U.S. retailers after successfully breaching UK retailer Marks & Spencer. This group’s focus on high-value targets and their aggressive tactics pose significant risks to the retail sector.
-
Meta Faces Legal Challenge Over AI Training Data Amid GDPR Concerns
Meta is facing legal scrutiny as Noyb, a privacy advocacy group, challenges the tech giant’s AI training plans, arguing they violate GDPR. The situation highlights the ongoing conflict over user data consent in Europe.
-
Dior Reports Data Breach Affecting Customer Information Amid Cybersecurity Incident
Dior has disclosed a significant cybersecurity incident affecting customer information, emphasizing that payment details were not compromised while investigations continue into the breach’s scope.
-
Security Lapse Exposes Millions of Student-Athlete Records on PrepHero
A security lapse on PrepHero has exposed the personal data of over three million student-athletes and coaches, raising significant privacy concerns.
-
North Korean Konni APT Expands Phishing Attacks Targeting Ukraine
Konni APT, a North Korean threat actor, is reportedly conducting a phishing campaign aimed at Ukrainian government entities, signaling a strategic shift in its operations from Russia. The group aims to collect critical intelligence on the ongoing conflict, utilizing sophisticated phishing techniques and malware.
