Vulnerabilities
-
US Coast Guard Enforces New Cybersecurity Rules for Marine Transportation System
The US Coast Guard has implemented new cybersecurity regulations for the Marine Transportation System, aiming to enhance defenses against emerging cyber threats and ensure the safety of US ports.
-
Data Leak Exposes 3.5 Million Customer Records at Australian Fashion Retailer SABO
A data breach at Australian fashion label SABO has exposed the personal information of over 3.5 million customers. The unsecured database contained sensitive data, including names, addresses, and order histories, creating significant risks of cyberattacks and financial fraud.
-
Dell Confirms Breach by Rebranded Extortion Group World Leaks
Dell Technologies has confirmed a security breach of its Customer Solution Centers platform by the extortion group World Leaks, prompting concerns over the safety of company data as the group exploits the situation for ransom.
-
New GhostContainer Malware Targets Microsoft Exchange Servers in Asia
Kaspersky’s SecureList reveals GhostContainer, a new malware targeting Microsoft Exchange servers in Asia, allowing attackers extensive control and potential data exfiltration.
-
Hewlett-Packard Enterprise Addresses Critical Security Flaws in Networking Devices
Hewlett-Packard Enterprise (HPE) has addressed critical vulnerabilities in its Instant On Access Points that could allow unauthorized access. Users are urged to apply the latest security updates to protect their systems.
-
Critical Flaw in CrushFTP Exploited as Cybersecurity Concerns Grow
A critical security flaw in CrushFTP, CVE-2025-54309, is actively being exploited, raising concerns about risk exposure, especially in sensitive environments like government and healthcare. Experts emphasize immediate action for mitigation following the company’s alerts.
-
Supply Chain Attack Targets Popular npm Packages with Malware Injection
A supply chain attack has compromised several popular npm packages, with researchers warning that malicious code injected through phishing campaigns could exploit maintainers’ credentials, leading to potential remote code execution.
-
Active Exploitation Campaign Targets Microsoft SharePoint Zero-Day Flaw
A critical vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770, is currently being exploited in a large-scale attack campaign, allowing unauthorized remote code execution. Organizations are urged to implement immediate protective measures.
-
Malware-as-a-Service Campaign Exploits GitHub for Distribution
Cisco’s Talos security team has exposed a malware-as-a-service operation utilizing GitHub for malicious software distribution, raising concerns over cybersecurity in enterprise environments.
-
TeleMessage SGNL Exposes Sensitive Data Due to Endpoint Misconfiguration
TeleMessage SGNL, a messaging application used by U.S. agencies, has been found exposing sensitive data due to outdated configurations. Cybersecurity experts are urging immediate action to address the vulnerabilities.
