Vulnerabilities
-
Growing Threats from Sideloaded iOS Apps Exposed in New Report
Zimperium’s latest report uncovers significant security vulnerabilities associated with sideloaded iOS applications, illuminating risks that threaten both individual users and businesses. The analysis reveals how malicious apps exploit iOS flaws to bypass security protocols.
-
UK Ministry of Justice Confirms Data Theft Affecting Legal Aid Applicants
The UK Ministry of Justice (MoJ) has confirmed a significant data breach affecting legal aid applicants, revealing that potentially sensitive information, including personal and financial data, was stolen by cybercriminals. The MoJ is coordinating with the National Cyber Security Centre to enhance security and advises affected individuals to remain vigilant.
-
Mozilla Addresses Critical Vulnerabilities in Firefox Browser
Mozilla has issued critical security updates for Firefox to address two vulnerabilities exploited at Pwn2Own Berlin, which could allow attackers to access sensitive data or execute unauthorized code.
-
Alabama State Investigates Cybersecurity Breach as Online Criminal Marketplace Operator Faces Charges
The Alabama state government is investigating a cybersecurity event affecting state systems, while a Kosovan man faces charges for operating a criminal marketplace selling stolen data. Both incidents illustrate rising concerns over cyber threats and information security.
-
New Python Backdoor Discovered, Linked to Pro-Ukraine Hackers
ReversingLabs has revealed a new malicious Python package, dbgpkg, designed to create backdoors on developers’ systems and suspected to be linked to a pro-Ukraine hacktivist group targeting Russian interests.
-
Australian Human Rights Commission Reports Data Breach Affecting Sensitive Personal Information
The Australian Human Rights Commission (AHRC) revealed a data breach that exposed sensitive personal information submitted through its online complaint forms, affecting approximately 670 documents. The commission has initiated an investigation and implemented measures to contain the issue.
-
Google Fixes High-Severity Chrome Vulnerability Amid Ongoing Attacks
Google has fixed a critical vulnerability in Chrome, CVE-2025-4664, being actively exploited by attackers. CISA’s inclusion of this flaw in its known exploited vulnerabilities list underscores urgent calls for browser updates among federal agencies and private organizations alike.
-
FBI Alerts of Deepfake Fraud Campaign Targeting US Officials
The FBI has warned of a fraud campaign using deepfake technology to impersonate U.S. officials, aiming to extract sensitive login information from targets. The agency advises vigilance and verification of communications to prevent falling victim to these sophisticated scams.
-
Critical SAP NetWeaver Vulnerability Targeted by Ransomware and APT Groups
Ransomware and Chinese APT groups are exploiting a critical vulnerability in SAP’s NetWeaver, identified as CVE-2025-31324, which has a CVSS score of 10 and enables attackers to execute code remotely without authentication.
-
Russian Hackers Exploit Old Vulnerabilities to Target Global Mail Servers
Security firm ESET reports that hackers, likely linked to the Russian government, have exploited long-standing cross-site scripting vulnerabilities to breach multiple high-value mail servers globally, with significant implications for defense contractors in Eastern Europe.