Vulnerabilities
-
Emerging Anubis Ransomware Poses Dual Threat to Victims
The Anubis ransomware poses a dual threat by encrypting and permanently erasing files, significantly heightening risks for victims across various industries, as highlighted in recent reports.
-
SinoTrack GPS Vulnerabilities Expose Vehicles to Potential Attacks
Vulnerabilities in the SinoTrack GPS tracking platform may allow attackers to track vehicle locations and control vehicle functions. CISA warns users to change default passwords and protect device identifiers.
-
Over 46,000 Grafana Instances Exposed to Serious Security Flaw
A significant security vulnerability affecting over 46,000 Grafana instances remains unpatched, exposing users to the risk of account takeover. The flaw, tracked as CVE-2025-4123, allows attackers to execute malicious plugins, prompting urgent calls for updates.
-
WestJet Investigates Cyberattack Disrupting Operations and Services
WestJet is investigating a cyberattack that has disrupted access to its internal systems and app, affecting service for users. The airline is working with law enforcement and Transport Canada to contain the situation.
-
Massive Malware Campaign Infects Over 269,000 Websites with Malicious JavaScript
A cybersecurity alert has been issued following the compromise of over 269,000 websites by a malware campaign utilizing malicious JavaScript code, showcasing significant vulnerabilities in online security measures.
-
CISA Warns of Ransomware Threats Exploiting SimpleHelp Vulnerabilities
CISA warns that ransomware actors are exploiting unpatched SimpleHelp vulnerabilities to target utility billing software providers, urging organizations to update their systems and implement security measures to prevent attacks.
-
FIN6 Cybercrime Group Targets HR Professionals with Advanced Phishing Operations
The FIN6 cybercrime group has launched a sophisticated phishing campaign targeting HR professionals by exploiting the job application process to deliver malware, according to new research from DomainTools. The group’s use of trusted cloud services complicates detection efforts, highlighting the need for improved security protocols in human resources.
-
GitLab Issues Security Patches Addressing High-Severity Vulnerabilities
GitLab has released vital security updates addressing multiple high-severity vulnerabilities that allow account takeovers and malicious job injections in its DevSecOps platform. The company urges immediate upgrades to mitigate these risks.
-
New Cybersecurity Threat Targets Over 80,000 Microsoft Entra ID Accounts
A new cybersecurity threat has surfaced, with over 80,000 Microsoft Entra ID accounts compromised by an account takeover campaign known as UNK_SneakyStrike, utilizing the TeamFiltration tool for malicious activities.
-
CISA Highlights Security Flaws in SinoTrack GPS Devices
CISA warns SinoTrack GPS device users about critical vulnerabilities allowing unauthorized access. Affected devices could be remotely controlled, including tracking vehicles and cutting off fuel. Users are urged to change default passwords immediately.
