Vendors
-
Fortinet patches critical FortiSIEM vulnerability CVE-2025-25256 as exploit code surfaces in the wild
Fortinet issued patches for a critical FortiSIEM vulnerability (CVE-2025-25256) after exploit code appeared in the wild. The flaw enables unauthenticated code execution through crafted CLI requests across multiple FortiSIEM versions. Upgrades to fixed releases are recommended, and administrators should limit access to the phMonitor port if upgrades are not feasible. Indicator coverage may be limited…
-
WinRAR Addresses Critical Zero-Day Vulnerability Exploited in Active Attacks
WinRAR has released an urgent update to address a critical zero-day vulnerability, CVE-2025-8088, that is actively being exploited to execute arbitrary code through malicious archive files. Users are strongly advised to upgrade to version 7.13.
-
Chanel Faces Data Breach Amid Ongoing Salesforce Security Threats
Chanel has confirmed a data breach impacting U.S. customers, linked to a series of ongoing Salesforce data theft attacks. The breach has raised concerns about security practices within the fashion industry as companies increasingly fall prey to sophisticated cyber threats.
-
Tea Dating App Data Breach Gets Worse, Exposes More Private User Information
The Tea app faces a significant data breach, exposing 59 GB of user data, including sensitive personal messages and images, due to vulnerabilities in its security. Authorities and cybersecurity experts are investigating the matter as the company attempts to mitigate the fallout and protect affected users.
-
Cybercrime Group Scattered Spider Targets VMware ESXi in Coordinated Attacks
Scattered Spider has intensified its attacks against VMware ESXi hypervisors in North America, employing advanced social engineering tactics that pose an acute risk to critical infrastructure. Google’s Mandiant team warns that organizations must adopt proactive security measures to defend against these targeted attacks.
-
Aeroflot Flights Disrupted Amid IT System Failure Attributed to Hacktivist Groups
Aeroflot faced substantial flight disruptions on Monday due to an IT system failure, purportedly caused by hacktivist groups. The resulting cancellations and delays sparked frustration among passengers as the airline’s operations continued to be affected by external pressures, including geopolitical tensions.
-
Microsoft Warns of Data Sovereignty Challenges Amid US Cloud Act
Microsoft has acknowledged it cannot guarantee data sovereignty for its customers in France and the EU due to the Cloud Act, raising significant privacy and security concerns amid increasing tensions between the US and European nations.
-
New Coyote Banking Trojan Exploits Microsoft UI Automation to Target Users
The Coyote banking trojan has been detected using Microsoft’s UI Automation framework to extract banking credentials, marking a significant evolution in malware tactics. Cybersecurity researchers at Akamai confirm it is the first time this technique has been actively exploited, primarily targeting Brazilian users and adapting its methods to evade traditional detection systems.
-
China-Linked APT41 Targets African IT Infrastructure in New Cyber Espionage Campaign
APT41, a Chinese-linked cyber espionage group, has launched a targeted campaign against government IT services in Africa, utilizing advanced malware techniques that involve a compromised SharePoint server for communication.
-
ExpressVPN Resolves Critical IP Leak Issue Affecting Remote Desktop Users
ExpressVPN has resolved a critical security flaw that exposed users’ IP addresses during Remote Desktop Protocol sessions, following insights from a bug bounty program. Affected users are encouraged to update their software for enhanced privacy.
