Vendors
-
Colt Technology Services says cyber incident disrupted customer portal and Voice API; no evidence of data breach reported
Colt Technology Services disclosed a cyber incident that disrupted its customer portal and internal systems, with no confirmed evidence of data breach. The company has engaged cyber experts and is restoring services, while updating customers via its status page. Separately, a ransomware group claimed to have stolen Colt documents, a claim awaiting verification.
-
CISA Adds Two N-able N-central Vulnerabilities to KEV; MSP Patch Push Underway
U.S. authorities added two vulnerabilities in N-able N-central to the Known Exploited Vulnerabilities catalog, while noting no public exploitation has been reported. The flaws—CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection)—require authentication and have been patched in N-central versions 2025.3.1 and 2024.6 HF2, with upgrades urged for on-premises deployments.
-
Fortinet patches critical FortiSIEM vulnerability CVE-2025-25256 as exploit code surfaces in the wild
Fortinet issued patches for a critical FortiSIEM vulnerability (CVE-2025-25256) after exploit code appeared in the wild. The flaw enables unauthenticated code execution through crafted CLI requests across multiple FortiSIEM versions. Upgrades to fixed releases are recommended, and administrators should limit access to the phMonitor port if upgrades are not feasible. Indicator coverage may be limited…
-
WinRAR Addresses Critical Zero-Day Vulnerability Exploited in Active Attacks
WinRAR has released an urgent update to address a critical zero-day vulnerability, CVE-2025-8088, that is actively being exploited to execute arbitrary code through malicious archive files. Users are strongly advised to upgrade to version 7.13.
-
Chanel Faces Data Breach Amid Ongoing Salesforce Security Threats
Chanel has confirmed a data breach impacting U.S. customers, linked to a series of ongoing Salesforce data theft attacks. The breach has raised concerns about security practices within the fashion industry as companies increasingly fall prey to sophisticated cyber threats.
-
Tea Dating App Data Breach Gets Worse, Exposes More Private User Information
The Tea app faces a significant data breach, exposing 59 GB of user data, including sensitive personal messages and images, due to vulnerabilities in its security. Authorities and cybersecurity experts are investigating the matter as the company attempts to mitigate the fallout and protect affected users.
-
Cybercrime Group Scattered Spider Targets VMware ESXi in Coordinated Attacks
Scattered Spider has intensified its attacks against VMware ESXi hypervisors in North America, employing advanced social engineering tactics that pose an acute risk to critical infrastructure. Google’s Mandiant team warns that organizations must adopt proactive security measures to defend against these targeted attacks.
-
Aeroflot Flights Disrupted Amid IT System Failure Attributed to Hacktivist Groups
Aeroflot faced substantial flight disruptions on Monday due to an IT system failure, purportedly caused by hacktivist groups. The resulting cancellations and delays sparked frustration among passengers as the airline’s operations continued to be affected by external pressures, including geopolitical tensions.
-
Microsoft Warns of Data Sovereignty Challenges Amid US Cloud Act
Microsoft has acknowledged it cannot guarantee data sovereignty for its customers in France and the EU due to the Cloud Act, raising significant privacy and security concerns amid increasing tensions between the US and European nations.
-
New Coyote Banking Trojan Exploits Microsoft UI Automation to Target Users
The Coyote banking trojan has been detected using Microsoft’s UI Automation framework to extract banking credentials, marking a significant evolution in malware tactics. Cybersecurity researchers at Akamai confirm it is the first time this technique has been actively exploited, primarily targeting Brazilian users and adapting its methods to evade traditional detection systems.
