cybersecurity threats
-
Chinese Hackers Exploit Zero-Day Vulnerability in Cityworks, Warns Cisco Talos
Cisco Talos has raised alarms over active cyberattacks by Chinese hackers exploiting a zero-day vulnerability in Trimble Cityworks, affecting local U.S. government agencies and enabling remote code execution.
-
Source Code of SilverRAT Remote Access Trojan Leaked Online
The source code of the SilverRAT remote access trojan has leaked online, exposing its capabilities and raising concerns over cybersecurity risks as criminals may now exploit this tool.
-
Quantum Computing Breakthroughs Signal Urgent Need for Enhanced Encryption Measures
Recent research from Google Quantum AI reveals that a quantum computer with one million qubits could breach RSA-2048 bit encryption in just one week, highlighting an urgent need for organizations to adopt post-quantum cryptography measures sooner than previously anticipated.
-
NIST Introduces New Metric for Identifying Likely Exploited Vulnerabilities in Cybersecurity
NIST has introduced a new metric, Likely Exploited Vulnerabilities (LEV), to help organizations identify which software vulnerabilities are most likely to have been exploited in cyberattacks, calling for collaboration from the cybersecurity community to validate this methodology.
-
Cybersecurity Breaches Expose Sensitive Information and Target Malware Groups
Recent cybersecurity incidents have highlighted the vulnerability of sensitive information within government communications and exposed serious lapses in security among major corporations. Key developments include the breach of TeleMessage, ongoing law enforcement operations against malware groups, and alarming discoveries of unsecured databases containing millions of login credentials.
-
FBI Warns Law Firms of Rising Cyber Threats from Silent Ransom Group
The FBI has warned U.S. law firms of a growing cyber threat from the Silent Ransom Group, which has increased its focus on the legal sector since early 2023, employing phishing tactics and social engineering calls to access sensitive legal data.
-
Critical XSS Vulnerability in Zimbra Collaboration Suite Exploited by Hackers
A critical XSS vulnerability (CVE-2024-27443) has been discovered in Zimbra’s CalendarInvite feature, exploited by the Sednit hacking group. Users are urged to patch their systems urgently.
-
Critical Flaw Discovered in Windows Server 2025 Poses Risk to Active Directory Users
A critical security vulnerability in Windows Server 2025, discovered by Akamai researchers, poses serious risks to Active Directory users, enabling potential attackers to gain unauthorized access to any AD user account. With Microsoft yet to release a patch, organizations are urged to implement immediate protective measures.
-
Chinese Cyber Spies Exploit Ivanti EPMM Flaws to Target EU and US Organizations
A Chinese cyber espionage group has been exploiting critical vulnerabilities in Ivanti’s software to breach various organizations across Europe and the United States, raising alarms over the potential security risks. The two vulnerabilities, CVE-2025-4427 and CVE-2025-4428, have enabled attackers to gain unauthorized access to sensitive data and systems.
-
Chinese Hackers Exploit Critical Flaw in Trimble Cityworks Software, Impacting U.S. Local Governments
Chinese hackers have exploited a critical vulnerability in Trimble Cityworks software, impacting local U.S. government systems. The flaw, now patched, allowed for remote code execution and malware delivery, with Chinese threat actors identified as the perpetrators. Trimble has urged users to update their systems to mitigate risks associated with this breach.
