Vulnerabilities
-
FBI Alerts of Deepfake Fraud Campaign Targeting US Officials
The FBI has warned of a fraud campaign using deepfake technology to impersonate U.S. officials, aiming to extract sensitive login information from targets. The agency advises vigilance and verification of communications to prevent falling victim to these sophisticated scams.
-
Critical SAP NetWeaver Vulnerability Targeted by Ransomware and APT Groups
Ransomware and Chinese APT groups are exploiting a critical vulnerability in SAP’s NetWeaver, identified as CVE-2025-31324 (CVSS score of 10), which enables attackers to execute code remotely without authentication.
-
Russian Hackers Exploit Old Vulnerabilities to Target Global Mail Servers
Security firm ESET reports that hackers, likely linked to the Russian government, have exploited long-standing cross-site scripting vulnerabilities to breach multiple high-value mail servers globally, with significant implications for defense contractors in Eastern Europe.
-
Google Enhances Chrome Security by Blocking Admin-Level Launches
Google’s new feature for Chrome will block the browser from launching with administrative rights, enhancing security similar to measures already implemented in Microsoft Edge. This change aims to reduce the risk of malware executing with elevated permissions and compromising user systems.
-
Hacking Group ‘Scattered Spider’ Shifts Focus to U.S. Retailers Following UK Breaches
Google has identified a hacking group known as ‘Scattered Spider’ that is now targeting U.S. retailers after successfully breaching UK retailer Marks & Spencer. The group’s focus on high-value targets and its aggressive tactics pose significant risks to the retail sector.
-
Australian Human Rights Commission Discovers Data Breach Exposing Sensitive Information
The Australian Human Rights Commission has revealed a data breach exposing hundreds of sensitive documents online, prompting concerns over privacy and security for affected individuals. Affected parties will receive personal notifications and the AHRC has set up a helpline for those impacted.
-
Security Lapse Exposes Millions of Student-Athlete Records on PrepHero
A security lapse on PrepHero has exposed the personal data of over three million student-athletes and coaches, raising significant privacy concerns.
-
Marks and Spencer Reports Customer Data Breach Following Ransomware Attack
Marks and Spencer has confirmed a customer data breach resulting from a ransomware attack that occurred last month, affecting service across its stores and necessitating password resets for customers.
-
Turkish Espionage Group Exploits Messaging App Vulnerability to Target Kurdish Military
A Turkish espionage group, Marbled Dust, has exploited a zero-day vulnerability in the Output Messenger app to target the Kurdish military in Iraq, marking a significant shift in its cyber operations. Microsoft says the attacks have been active since April 2024 and urges users to upgrade their software to mitigate the risk.
-
Moldova Arrests Suspect Linked to Major Ransomware Attacks on Dutch Companies
Moldovan police have arrested a 45-year-old man suspected of involvement in ransomware attacks against Dutch companies, including a significant incident impacting the Netherlands Organization for Scientific Research. The operation resulted in the seizure of over €84,000 in cash and various electronic devices.