Risk
-
Critical Vulnerability in Windows Server 2025 Exposes Active Directory to Domain Compromise
A critical vulnerability in Windows Server 2025 allows attackers to exploit Active Directory security features, posing risks of full domain compromise. The vulnerability, dubbed the ‘BadSuccessor’ attack, enables unauthorized users to inherit privileges from legitimate accounts without detection, prompting urgent patch development from Microsoft.
-
Critical SAMLify Vulnerability Exposes Single Sign-On Systems to Attacks
A critical vulnerability in the samlify library enables attackers to bypass Single Sign-On protections, posing a severe risk to authentication systems reliant on SAML. The flaw, tracked as CVE-2025-47949, has been assessed with a CVSS score of 9.9 out of 10.
-
Russian Cyberespionage Targets Aid Organizations Supporting Ukraine
A state-sponsored cyberespionage campaign attributed to the Russian group APT28 is targeting aid organizations linked to Ukraine, employing a variety of hacking techniques to disrupt humanitarian efforts and track aid shipments.
-
SK Telecom Confirms Massive Malware Breach Impacting Millions of Subscribers
SK Telecom has confirmed a substantial cybersecurity breach affecting the USIM data of around 27 million subscribers, with malware traces dating back to 2022. The company is taking extensive measures to secure its network, including offering free SIM replacements for affected customers.
-
Emerging Threat: Nitrogen Ransomware Targets Financial Sector in US, UK, and Canada
The Nitrogen ransomware strain has emerged as a significant threat to financial organizations in the US, UK, and Canada, encrypting crucial data and demanding hefty ransoms from victims. Cybersecurity experts warn that its sophisticated tactics pose a severe risk to unprepared entities.
-
Data Breach at Serviceaide Affects 500,000 Catholic Health Patients
A data breach at Serviceaide has exposed sensitive health information for approximately 500,000 patients connected to Catholic Health in New York. The breach was linked to a misconfigured database and has raised concerns about data security across the healthcare industry.
-
Growing Threats from Sideloaded iOS Apps Exposed in New Report
Zimperium’s latest report uncovers significant security vulnerabilities associated with sideloaded iOS applications, illuminating risks that threaten both individual users and businesses. The analysis reveals how malicious apps exploit iOS flaws to bypass security protocols.
-
New Tool ‘Defendnot’ Manipulates Windows Security to Disable Microsoft Defender
The newly developed tool ‘Defendnot’ exploits a Windows Security API to disable Microsoft Defender by masquerading as a fake antivirus product, raising significant security concerns about system manipulations.
-
Broadcom Faces Data Theft Following Ransomware Attack on Payroll Partner
Broadcom has confirmed a data theft incident following a ransomware attack on its former payroll partner, Business Systems House. The breach affects sensitive employee data, prompting investigations and heightened security measures.
-
Critical SAP NetWeaver Vulnerability Targeted by Ransomware and APT Groups
Ransomware and Chinese APT groups are exploiting a critical vulnerability in SAP’s NetWeaver, identified as CVE-2025-31324, which has a CVSS score of 10, enabling attackers to execute remote code without authentication.
