News
-
Supply Chain Attack Targets Popular npm Packages with Malware Injection
A supply chain attack has compromised several popular npm packages, with researchers warning that malicious code injected through phishing campaigns could exploit maintainers’ credentials, leading to potential remote code execution.
-
Active Exploitation Campaign Targets Microsoft SharePoint Zero-Day Flaw
A critical vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770, is currently being exploited in a large-scale attack campaign, allowing unauthorized remote code execution. Organizations are urged to implement immediate protective measures.
-
Malware-as-a-Service Campaign Exploits GitHub for Distribution
Cisco’s Talos security team has exposed a malware-as-a-service operation utilizing GitHub for malicious software distribution, raising concerns over cybersecurity in enterprise environments.
-
Massive Data Breach Exposes Sensitive Records of Texas Adoption Agency
A data breach at the Gladney Center for Adoption has exposed sensitive information of over 1.1 million individuals, prompting concerns over privacy and data security practices in organizations handling personal information.
-
TeleMessage SGNL Exposes Sensitive Data Due to Endpoint Misconfiguration
TeleMessage SGNL, a messaging application used by U.S. agencies, has been found exposing sensitive data due to outdated configurations. Cybersecurity experts are urging immediate action to address the vulnerabilities.
-
Chinese Cyber Espionage Campaign Targets Taiwanese Semiconductor Industry
Recent spear-phishing campaigns linked to Chinese state-sponsored groups are targeting Taiwan’s semiconductor industry, emphasizing the vital role of cybersecurity in this critical sector amidst escalating geopolitical tensions.
-
Critical Cisco ISE Vulnerability Allows Pre-Authentication Command Execution
Cisco has issued an urgent advisory regarding a critical vulnerability in its Identity Services Engine (ISE) that allows unauthorized command execution. Rated 10/10 in severity, it was discovered by Kentaro Kawane and reported via Trend Micro. Cisco emphasizes the need for immediate action.
-
Chinese Hackers Breach U.S. National Guard Network, Compromise Sensitive Data
The Chinese hacking group Salt Typhoon has breached a U.S. Army National Guard network, compromising sensitive data and raising alarms over national cybersecurity.
-
Cybersecurity Researchers Uncover Advanced Matanbuchus 3.0 Malware Targeting Microsoft Teams
Cybersecurity experts have identified a new variant of the Matanbuchus malware that exploits Microsoft Teams. This advanced loader has sophisticated stealth capabilities, enhancing its potential for evading detection and targeting company employees through social engineering tactics.
-
Cloudflare Confirms 1.1.1.1 Outage Stemmed from Internal Misconfiguration, Not Attack
Cloudflare confirmed that a recent outage of its 1.1.1.1 Resolver service was caused by an internal misconfiguration, dismissing concerns of a cyberattack or BGP hijack. The incident led to significant disruptions for users globally, with full restoration achieved within hours.
