The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured…
Category: EN
SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware
SonicWall’s end-of-life SMA 100 series appliances are again on the front line after investigators unearthed a covert campaign that couples a suspected zero-day remote-code-execution flaw with a sophisticated backdoor called OVERSTEP. The operation, attributed to the financially motivated group UNC6148,…
Microsoft Congratulates MSRC’s Most Valuable Security Researchers
Microsoft has officially announced its 2025 Most Valuable Security Researchers, recognizing the top 100 security researchers worldwide who have made significant contributions to protecting Microsoft customers through the Microsoft Security Response Center (MSRC) program. The recognition is based on a…
Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files
A critical vulnerability in Cisco’s Unified Intelligence Center (CUIC) web-based management interface has been classified with high severity, allowing authenticated remote attackers with Report Designer privileges to upload arbitrary files to affected systems. Tracked as CVE-2025-20274 and assigned a CVSS…
Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript
Threat actors are quietly turning Scalable Vector Graphics (SVG) files into precision-guided malware. In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. Once the recipient merely…
Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine
Two Russian suspects in cuffs, seven warrants out International cops shut down more than 100 servers belonging to the pro-Russian NoName057(16) network this week as part of the Europol-led Operation Eastwood.… This article has been indexed from The Register –…
Ukrainian hackers claim to have destroyed major Russian drone maker’s entire network
‘Deeply penetrated’ Gaskar ‘to the very tonsils of demilitarization’ Ukrainian hackers claim to have taken out the IT infrastructure at Russia’s Gaskar Integration plant, one of the largest suppliers of drones for its army, and also destroyed massive amounts of…
Microsoft offers vintage Exchange and Skype server users six more months of security updates
It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing Microsoft has extended its security update programs for Exchange Server 2016 and 2019, and Skype…
Europol-Coordinated Global Operation Takes Down Pro-Russian Cybercrime Network
Codenamed Eastwood, the operation targeted the so-called NoName057(16) group, which was identified as being behind a series of DDoS attacks on municipalities and organizations linked to a NATO summit. The post Europol-Coordinated Global Operation Takes Down Pro-Russian Cybercrime Network appeared…
Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime
More than 1,000 suspects were arrested in raids in at least five provinces between Monday and Wednesday, according to Information Minister Neth Pheaktra and police. The post Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime appeared first on SecurityWeek.…
Oracle Patches 200 Vulnerabilities With July 2025 CPU
Oracle’s July 2025 Critical Patch Update contains 309 security patches that address approximately 200 unique CVEs. The post Oracle Patches 200 Vulnerabilities With July 2025 CPU appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Cisco Patches Another Critical ISE Vulnerability
Cisco has released patches for multiple vulnerabilities, including a critical flaw in Cisco ISE that leads to remote code execution (RCE). The post Cisco Patches Another Critical ISE Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched
Four CVEs disclosed at the Pwn2Own Berlin 2025 hacking competition have been patched in VMware products. The post VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Bridging the Visibility Gap: 2025 Global Cybersecurity Maturity Report
Reuven “Rubi” Aronashvili, CEO of CYE, asks a blunt question: Why are breaches still rampant when security budgets have never been larger? Drawing on his journey from leading an Israeli red‑team unit to advising Fortune‑500 boards, Aronashvili argues that most…
Red Teaming AI Systems: Why Traditional Security Testing Falls Short
What if your AI-powered application leaked sensitive data, generated harmful content, or revealed internal instructions – and none of your security tools caught it? This isn’t hypothetical. It’s happening now and exposing critical gaps in how we secure modern AI…
test draft
The post test draft appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: test draft
“Prove Your Age, Lose Your Privacy”: How Free Speech Coalition v. Paxton Turns Porn Sites into Surveillance Platforms
A statute that requires identity verification to read news articles or shop for groceries would be problematic; one that does so for pornography is catastrophic. The post “Prove Your Age, Lose Your Privacy”: How Free Speech Coalition v. Paxton Turns…
I Hacked (Logged) In Through The Front Door
Identity-based attacks have become the path of least resistance and it is the responsibility of all organizations to shore up their defenses to mitigate these threats. The post I Hacked (Logged) In Through The Front Door appeared first on Security…
Politically Motivated Hacktivist Stole Data of 2.5 Million Columbia University Students And Employees
In a targeted cyberattack that investigators suspect was politically motivated, a seasoned “hacktivist” allegedly acquired private data from over two million Columbia University students, applicants, and staff. The savvy hacktivist stole social security numbers, citizenship status, university-issued ID numbers,…
Newly Found AMD Processor Flaws Raise Concerns, Though Risk Remains Low
In a recent security advisory, chipmaker AMD has confirmed the discovery of four new vulnerabilities in its processors. These issues are related to a type of side-channel attack, similar in nature to the well-known Spectre and Meltdown bugs that were…