Vulnerabilities
-
Russian APT Gamaredon Intensifies Phishing Campaigns Against Ukraine
Gamaredon, a Russia-aligned APT, has intensified its spear-phishing attacks on Ukrainian government institutions, revealing a significant increase in sophistication and employing new stealth capabilities in its operations.
-
North Korean Hackers Target Web3 and Crypto Businesses with Nim-based Malware
North Korean hackers are increasingly targeting Web3 and cryptocurrency sectors with sophisticated Nim-based malware, employing advanced tactics including social engineering and remote process injection techniques to extract sensitive information from compromised systems.
-
Cisco Addresses Critical Security Vulnerability in Unified Communications Manager
Cisco has released updates to mitigate a serious security vulnerability in its Unified Communications Manager that allowed for unauthorized remote access through a hardcoded backdoor account.
-
Security Flaw in Forminator Plugin Puts Over 600,000 WordPress Sites at Risk
The Forminator plugin for WordPress, used on over 600,000 sites, has a high-severity vulnerability (CVE-2025-6463) that could allow attackers to execute arbitrary file deletions, potentially leading to complete site takeovers. Users are urged to update to the latest version or disable the plugin immediately to avoid exploitation.
-
Qantas Cyberattack Exposes Data of Six Million Customers
Qantas has revealed a cyberattack that resulted in the theft of data belonging to six million customers. The airline assures that it is investigating the incident while maintaining the security of its operations.
-
International Criminal Court Faces Sophisticated Cyberattack Amid Rising Tensions
The International Criminal Court has reported a sophisticated cyberattack, the second such incident in two years, amid rising security tensions and contentious relations with the United States.
-
Google Addresses Critical Zero-Day Vulnerability in Chrome Browser
Google has released security updates to patch a critical zero-day vulnerability in its Chrome browser, tracked as CVE-2025-6554, which has potentially been exploited in the wild. Users are urged to update their browsers to safeguard against possible attacks.
-
U.S. Disrupts North Korean IT Worker Scams Targeting American Firms
The U.S. Department of Justice has successfully disrupted North Korean scams involving fake IT workers who infiltrated over 100 American companies, embezzling significant amounts of money and stealing sensitive data intended for Pyongyang.
-
Security Researchers Warn of Bluetooth Vulnerabilities in Popular Headphones
Security researchers have identified vulnerabilities in Airoha’s Bluetooth products, putting a wide range of earbuds and headphones at risk of unauthorized access and control. Airoha has provided fixes, but manufacturers must implement updates to secure their devices.
-
Swiss Government Confirms Data Theft in Ransomware Attack on Radix
The Swiss government has confirmed that a ransomware attack on the nonprofit organization Radix has compromised sensitive data from various federal offices, with the leaked information now available on the dark web.
