Vulnerabilities
-
FBI Warns Law Firms of Rising Cyber Threats from Silent Ransom Group
The FBI has warned U.S. law firms of a growing cyber threat from the Silent Ransom Group, which has increased its focus on the legal sector since early 2023, employing phishing tactics and social engineering calls to access sensitive legal data.
-
Critical XSS Vulnerability in Zimbra Collaboration Suite Exploited by Hackers
A critical XSS vulnerability (CVE-2024-27443) has been discovered in Zimbra’s CalendarInvite feature, exploited by the Sednit hacking group. Users are urged to patch their systems urgently.
-
Critical Flaw Discovered in Windows Server 2025 Poses Risk to Active Directory Users
A critical security vulnerability in Windows Server 2025, discovered by Akamai researchers, poses serious risks to Active Directory users, enabling potential attackers to gain unauthorized access to any AD user account. With Microsoft yet to release a patch, organizations are urged to implement immediate protective measures.
-
Chinese Cyber Spies Exploit Ivanti EPMM Flaws to Target EU and US Organizations
A Chinese cyber espionage group has been exploiting critical vulnerabilities in Ivanti’s software to breach various organizations across Europe and the United States, raising alarms over the potential security risks. The two vulnerabilities, CVE-2025-4427 and CVE-2025-4428, have enabled attackers to gain unauthorized access to sensitive data and systems.
-
Chinese Hackers Exploit Critical Flaw in Trimble Cityworks Software, Impacting U.S. Local Governments
Chinese hackers have exploited a critical vulnerability in Trimble Cityworks software, impacting local U.S. government systems. The flaw, now patched, allowed for remote code execution and malware delivery, with Chinese threat actors identified as the perpetrators. Trimble has urged users to update their systems to mitigate risks associated with this breach.
-
Russian-Aligned Group TAG-110 Targets Tajik Institutions in Espionage Campaign
Recorded Future’s Insikt Group has reported that Russian-aligned threat actor TAG-110 is intensifying its espionage campaign against Tajik institutions, leveraging phishing tactics and trojanized documents to further Russian interests in Central Asia.
-
CISA Reports Cyber Threats Targeting Commvault’s Azure SaaS Applications
CISA has issued a warning about cyber threat activity targeting Commvault’s Azure-hosted applications, potentially compromising client secrets and customer data. The agency has recommended preventative measures to safeguard against such attacks.
-
Security Flaw in GitLab’s AI Assistant Exposes Source Code to Attackers
A significant vulnerability in GitLab’s AI coding assistant, Duo, has been discovered, allowing potential theft of source code and injection of malicious instructions, prompting urgent security measures from GitLab.
-
Coca-Cola Faces Cyberattack Threats from Everest and Gehenna Ransomware Groups
Coca-Cola and its bottling partner, Coca-Cola Europacific Partners (CCEP), are facing cyberattack threats from Everest and Gehenna, as both groups claim to have breached the company’s systems and stolen sensitive data.
-
International Law Enforcement Operation Takes Down Major Ransomware Infrastructure
An international crackdown dubbed Operation Endgame has led to the seizure of 300 servers and 650 domains tied to ransomware activities, successfully disrupting several major cybercrime operations and recovering significant cryptocurrency.
