A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. “CrushFTP…
Enterprise admins who haven’t yet mitigated a two-month-old vulnerability in apps that incorporate the open source Spring Boot tool could be in trouble: Attempts to exploit the hole are still…
Russian cyberespionage group APT28 has developed malware that generates commands by querying large language models (LLMs). The malware, dubbed LAMEHUG by the Ukrainian CERT, was used in recent spear phishing…
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections. – Read More
Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that’s used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool,…
Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber…
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According…
Security often lags behind innovation. The path forward requires striking a balance. – Read More
Ein Dienstleister von Vodafone Deutschland wurde von einem Cyberangriff getroffen. Alexander Fedosov – shutterstock.com Hacker haben einen externen Dienstleister von Vodafone angegriffen. Laut einem Bericht der Wirtschaftswoche kämpft der Mobilfunkkonzern…
Four flaws in the basic software for Gigabyte motherboards could allow persistent implants, underscoring problems in the ways firmware is developed and updated. – Read More
Cisco has dropped another maximum severity advisory detailing an unauthenticated remote code execution (RCE) flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The networking equipment…
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. “An obvious feature of LAMEHUG is the…
I’ll never forget the morning a few years ago, when a teammate accidentally pushed an AWS key to a public GitHub repo. It took less than 30 minutes before someone…
Cyber threat group APT 28 has been responsible for deploying a sophisticated malware against user email accounts as part of its operations. – Read More
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy…