Risk
-
Water Curse: A New Threat Actor Targeting GitHub to Distribute Malware
Researchers have unveiled Water Curse, a new threat actor leveraging GitHub repositories to distribute malware. The malware enables extensive data exfiltration and remote access, underscoring the risks of supply chain attacks through legitimate platforms.
-
New Flodrix Botnet Exploits Vulnerabilities in Langflow Framework
A new botnet campaign exploiting vulnerabilities in the Langflow framework has emerged, allowing attackers to deploy the Flodrix malware. Cybersecurity experts emphasize the urgency of addressing this critical security flaw.
-
Critical Vulnerability Discovered in ASUS Armoury Crate Software
A serious vulnerability in ASUS Armoury Crate software could allow attackers to achieve SYSTEM-level privileges on Windows machines, according to a report detailing the flaw. Users are urged to update their applications to mitigate potential risks.
-
Emerging Anubis Ransomware Poses Dual Threat to Victims
The Anubis ransomware poses a dual threat by encrypting and permanently erasing files, significantly heightening risks for victims across various industries, as highlighted in recent reports.
-
SinoTrack GPS Vulnerabilities Expose Vehicles to Potential Attacks
Vulnerabilities in the SinoTrack GPS tracking platform may allow attackers to track vehicle locations and control vehicle functions. CISA warns users to change default passwords and protect device identifiers.
-
Data Breach Exposes Information of 10,000 VirtualMacOSX Customers
VirtualMacOSX has allegedly suffered a data breach exposing the personal information of around 10,000 customers. The sensitive data, including names, email addresses, and financial details, was made available on a cybercrime forum, raising significant security concerns among users.
-
Over 46,000 Grafana Instances Exposed to Serious Security Flaw
A significant security vulnerability affecting over 46,000 Grafana instances remains unpatched, exposing users to the risk of account takeover. The flaw, tracked as CVE-2025-4123, allows attackers to execute malicious plugins, prompting urgent calls for updates.
-
Massive Malware Campaign Infects Over 269,000 Websites with Malicious JavaScript
A cybersecurity alert has been issued following the compromise of over 269,000 websites by a malware campaign utilizing malicious JavaScript code, showcasing significant vulnerabilities in online security measures.
-
Widespread Service Outages Affect Google Cloud and Cloudflare
Google Cloud and Cloudflare have reported widespread service outages affecting various services and platforms. Both companies are investigating the issues that began on June 12, with users experiencing significant access problems.
-
New Cybersecurity Threat Targets Over 80,000 Microsoft Entra ID Accounts
A new cybersecurity threat has surfaced, with over 80,000 Microsoft Entra ID accounts compromised by an account takeover campaign known as UNK_SneakyStrike, utilizing the TeamFiltration tool for malicious activities.
