Vulnerabilities
-
Cybercriminals Deploy Fake Ledger Apps to Steal Cryptocurrency Seed Phrases from macOS Users
Cybercriminals are increasingly using fake Ledger applications to steal seed phrases from macOS users, threatening their cryptocurrency assets. Reports from Moonlock Lab and Jamf highlight the evolution of these attacks, emphasizing the importance of downloading official applications and safeguarding sensitive data.
-
Critical Vulnerability in Windows Server 2025 Exposes Active Directory to Domain Compromise
A critical vulnerability in Windows Server 2025 allows attackers to exploit Active Directory security features, posing risks of full domain compromise. The vulnerability, dubbed the ‘BadSuccessor’ attack, enables unauthorized users to inherit privileges from legitimate accounts without detection, prompting urgent patch development from Microsoft.
-
Hackers Exploit Trimble Cityworks Vulnerability to Breach U.S. Local Governments
Chinese-speaking hackers have breached multiple U.S. local governments by exploiting a patched Trimble Cityworks vulnerability. The incident, attributed to the group UAT-6382, emphasizes the critical need for robust cybersecurity measures.
-
Critical SAMLify Vulnerability Exposes Single Sign-On Systems to Attacks
A critical vulnerability in the samlify library enables attackers to bypass Single Sign-On protections, posing a severe risk to authentication systems reliant on SAML. The flaw, tracked as CVE-2025-47949, has been assessed with a CVSS score of 9.9 out of 10.
-
Russian Cyberespionage Targets Aid Organizations Supporting Ukraine
A state-sponsored cyberespionage campaign attributed to the Russian group APT28 is targeting aid organizations linked to Ukraine, employing a variety of hacking techniques to disrupt humanitarian efforts and track aid shipments.
-
Global Authorities Disrupt Lumma Stealer Malware Operation
A coordinated effort by global authorities and tech companies has disrupted the Lumma Stealer malware operation, impacting its infrastructure and threatening its reach in the cybercrime market.
-
Critical Vulnerability Discovered in Windows Server 2025 Threatens Active Directory Security
A recently discovered vulnerability in Windows Server 2025 allows attackers to escalate privileges within Active Directory, posing serious security risks until Microsoft releases a patch. Organizations are urged to take immediate precautions.
-
SK Telecom Confirms Massive Malware Breach Impacting Millions of Subscribers
SK Telecom has confirmed a substantial cybersecurity breach affecting the USIM data of around 27 million subscribers, with malware traces dating back to 2022. The company is taking extensive measures to secure its network, including offering free SIM replacements for affected customers.
-
Over 100 Malicious Chrome Extensions Discovered Posing as Legitimate Tools
Over 100 malicious Chrome browser extensions were found masquerading as legitimate tools, enabling credential theft and unauthorized access to user data. Experts warn users to remain vigilant when downloading browser extensions.
-
Emerging Threat: Nitrogen Ransomware Targets Financial Sector in US, UK, and Canada
The Nitrogen ransomware strain has emerged as a significant threat to financial organizations in the US, UK, and Canada, encrypting crucial data and demanding hefty ransoms from victims. Cybersecurity experts warn that its sophisticated tactics pose a severe risk to unprepared entities.
