Vulnerabilities
-
Cisco Reveals Data Breach Affecting User Accounts Amid Vishing Attack
Cisco Systems has reported a data breach involving user accounts due to a voice phishing incident. Basic profile information was compromised, but the company asserts that no sensitive data was affected. Cisco is taking measures to strengthen security following the incident.
-
Stealthy PXA Stealer Targets Thousands Globally, Exposing Personal Data
The PXA Stealer malware has infected over 4,000 victims in 62 countries, leading to significant breaches of passwords, credit card data, and browser cookies, with stolen information sold on Telegram marketplaces.
-
Critical Vulnerabilities Discovered in NVIDIA’s Triton Inference Server
A set of critical vulnerabilities in NVIDIA’s Triton Inference Server has been discovered, posing significant risks to organizations using the platform for AI operations. Potential exploits could lead to remote control of servers and theft of sensitive data.
-
North Korea’s Lazarus Group Shifts Tactics; Canadian City Faces Major Security Costs
North Korea’s Lazarus Group has reportedly transitioned to tactics involving the distribution of malware-laden open-source software, raising concerns over cybersecurity. Meanwhile, the city of Hamilton has incurred major costs due to a significant ransomware attack amid a slow rollout of security measures, while ethical hackers eye substantial rewards in the upcoming Pwn2Own competition. Additionally, CISA…
-
State-Sponsored Attack Targets Southeast Asian Telecommunications
A state-sponsored hacking group, CL-STA-0969, has targeted Southeast Asian telecommunications networks, employing sophisticated tools to establish remote access while avoiding detection. The report highlights significant overlaps with other espionage groups and emphasizes the need for robust cybersecurity measures.
-
Storm-2603 Exploits SharePoint Vulnerabilities to Deploy Ransomware
A recent analysis reveals that Storm-2603, a suspected China-based threat actor, is exploiting Microsoft SharePoint vulnerabilities using a bespoke command-and-control framework, deploying ransomware like Warlock and LockBit.
-
Russian Espionage Group Targets Diplomats Through Innovative Malware
Microsoft has uncovered that Russian espionage group Secret Blizzard has been spying on foreign diplomats in Moscow since at least 2024, utilizing sophisticated malware and surveillance tactics to maintain access to sensitive communications.
-
New Encoding Attack Accelerates SS7 Vulnerabilities in Mobile Networks
Researchers have uncovered a new method that enables attackers to bypass SS7 protections through encoding manipulation, posing significant security risks to mobile networks. This technique has already been employed by a surveillance vendor to extract sensitive mobile subscriber location data.
-
Dollar Tree Hit by Major Data Breach, INC Ransomware Claims Responsibility
The INC Ransomware group claims to have stolen 1.2TB of sensitive data from Dollar Tree, raising serious cybersecurity concerns. The company denies any involvement and attributes the claims to data originating from 99 Cents Only Stores. The incident highlights the growing threat of ransomware attacks.
-
UNC2891 Breaches ATM Networks with Covert Raspberry Pi Attack
UNC2891, a financially motivated threat actor, has executed a covert attack on ATM networks by effectively utilizing a 4G-equipped Raspberry Pi to maintain unauthorized access, raising significant security concerns.
