cybersecurity threats
-
Google Addresses Active Exploit with Chrome Security Update
Google has released emergency fixes for its Chrome browser to address a critical vulnerability, CVE-2025-5419, that is being actively exploited in the wild. Users are urged to update to safeguard against potential threats.
-
Google Chrome to Disregard Certificates from Chunghwa Telecom and Netlock Starting August 2025
Google Chrome will stop trusting root CA certificates from Chunghwa Telecom and Netlock due to ongoing compliance failures, effective August 1, 2025. This decision will impact site access for users, leading to security warnings.
-
Nation-State Actor Breaches ConnectWise Customers’ ScreenConnect Instances
ConnectWise has disclosed that a nation-state actor compromised the ScreenConnect cloud instances of some customers, exploiting a vulnerability before a critical patch was implemented. The company is investigating the breach with the help of forensic experts.
-
MainStreet Bancshares Reports Data Breach Affecting Customer Information
MainStreet Bancshares has disclosed a data breach that affected a significant portion of its customer base due to an incident involving a third-party provider. The bank reported to the SEC that its own infrastructure was unaffected, but the incident raises questions about cybersecurity in the banking sector.
-
Spear-Phishing Campaign Targets CFOs with Advanced Techniques
A sophisticated spear-phishing campaign has been identified, targeting CFOs across various sectors with the aim of deploying a legitimate remote access tool, Netbird, to gain unauthorized access to sensitive financial systems.
-
China-Linked Hackers Target South Asian Organizations Through Critical SAP Vulnerability
A China-linked hacker group known as Earth Lamia has successfully exploited a critical SAP vulnerability, targeting numerous organizations in South Asia and expanding their tactics beyond financial sectors to include IT and governmental entities.
-
Cybercriminals Exploit Popular AI Tools to Distribute Ransomware and Malware
Cybercriminals are exploiting popular AI tools to distribute ransomware and malware, including CyberLock and Lucky_Gh0$t. A report by Cisco Talos highlights the tactics used to lure victims through fake installations of AI solutions, increasing the urgency for enhanced cybersecurity measures.
-
Security Flaw in Safari Allows Fullscreen Browser-In-The-Middle Attacks
A new vulnerability in Apple’s Safari web browser exposes users to fullscreen browser-in-the-middle attacks, allowing cybercriminals to steal account credentials. SquareX researchers warn that this vulnerability particularly affects Safari, which lacks adequate user alerts when entering fullscreen mode, increasing the risk of such attacks.
-
New Malware Variant Uses Corrupted Headers to Evade Detection
Fortinet researchers have discovered a new strain of malware that evades detection by manipulating its DOS and PE headers, effectively functioning as a remote access trojan capable of controlling infected systems.
-
LexisNexis Reports Data Breach Impacting Over 364,000 Individuals
LexisNexis Risk Solutions has disclosed a data breach impacting over 364,000 individuals, revealing that personal information such as names and Social Security numbers was stolen from a GitHub account. The company emphasized that no financial information was compromised and is offering two years of free identity protection to those affected.
