Vulnerabilities
-
KiranaPro CEO Reports Targeted Cyberattack Leading to Loss of Critical Infrastructure
KiranaPro CEO Deepak Ravindran reported a targeted cyberattack that deleted vital data from the grocery app’s GitHub and AWS accounts, raising concerns about insider threats and prompting an overhaul of security measures.
-
Hewlett Packard Enterprise Issues Critical Security Warning for StoreOnce Backup Solutions
Hewlett Packard Enterprise has issued a security warning regarding eight vulnerabilities in its StoreOnce backup solutions, including a critical authentication bypass flaw that could allow for exploitation of other vulnerabilities.
-
New Campaign Uses Fake DocuSign and Gitcode Sites to Spread Malware
A new cyber campaign is using fake websites masquerading as DocuSign and Gitcode to spread the NetSupport RAT malware through deceptive PowerShell scripts. This strategy incorporates social engineering techniques and clipboard poisoning to execute malicious actions on unsuspecting users’ systems.
-
Emerging Android Banking Trojan Crocodilus Expands Global Reach, Targeting Users in Europe and South America
ThreatFabric’s recent findings highlight the worrying proliferation of the Android banking Trojan Crocodilus, which has expanded its malicious activities from Europe and Turkey to South America, employing increasingly sophisticated techniques to target users.
-
Cartier Reports Data Breach Amid Growing Cybersecurity Concerns in Fashion Industry
Cartier has reported a data breach that exposed customer information, including names and email addresses. The company assures that no sensitive data was compromised and advises customers to remain vigilant against potential phishing attacks.
-
The North Face Alerts Customers Following Latest Credential Stuffing Attack
The North Face has alerted customers of a credential stuffing attack that exposed personal information on April 23, 2025. This incident marks the fourth such attack on the company since 2020, raising significant concerns about cybersecurity practices in the retail sector.
-
Google Addresses Active Exploit with Chrome Security Update
Google has released emergency fixes for its Chrome browser to address a critical vulnerability, CVE-2025-5419, that is being actively exploited in the wild. Users are urged to update to safeguard against potential threats.
-
Nation-State Actor Breaches ConnectWise Customers’ ScreenConnect Instances
ConnectWise has disclosed that a nation-state actor compromised the ScreenConnect cloud instances of some customers, exploiting a vulnerability before a critical patch was implemented. The company is investigating the breach with the help of forensic experts.
-
Australia Mandates Reporting of Ransomware Payments by Victims
Australia has become the first nation to oblige ransomware attack victims to report extortion payments, affecting organizations with significant turnovers and enhancing government visibility into cybercrime.
-
Spear-Phishing Campaign Targets CFOs with Advanced Techniques
A sophisticated spear-phishing campaign has been identified, targeting CFOs across various sectors with the aim of deploying a legitimate remote access tool, Netbird, to gain unauthorized access to sensitive financial systems.
