Identity-based attacks have taken centre stage as the top cybersecurity concern for organisations in the coming year, according to a new survey conducted by Keeper Security at Infosecurity Europe 2025. The leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access…
Tag: EN
Critical D-Link 0-click Vulnerability Allows Remote Attackers to Crash the Server
A critical stack-based buffer overflow in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. Tracked as CVE-2025-7206, the flaw resides in the router’s httpd binary and stems from improper handling…
New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities
A critical vulnerability in eSIM technology enables attackers to clone mobile subscriber profiles and hijack phone identities. AG Security Research revealed they broke the security of Kigen eUICC cards with GSMA consumer certificates, marking what they claim is the first…
RapidFire Network Detective Vulnerabilities Expose Sensitive Data to Threat Actors
Security researchers have discovered two critical vulnerabilities in RapidFire Tools Network Detective, a widely-used network assessment and reporting tool developed by Kaseya, that expose sensitive credentials to potential attackers. The flaws, disclosed on July 10th, 2025, affect organizations using the…
Russian Basketball Star Arrested Over Ransomware Attacks on 900+ Companies
A prominent Russian basketball player has been arrested in France on charges related to one of the most extensive ransomware operations in recent years, highlighting the ongoing intersection between cybercrime and international law enforcement. Daniil Kasatkin, a 26-year-old professional basketball…
Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent
With IPOs taking longer than ever, the venture firm’s fund aims to keep startup veterans motivated while staying private. The post Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent appeared first on SecurityWeek. This article has been…
GTT Extends Palo Alto Networks Alliance to Add Managed SASE Service
GTT Communications extended its alliance with Palo Alto Networks to include an additional managed secure access service edge (SASE) offering. The post GTT Extends Palo Alto Networks Alliance to Add Managed SASE Service appeared first on Security Boulevard. This article…
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P,…
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null (‘\0’) bytes…
Securing Data in the AI Era
The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the…
Wing FTP Server RCE Vulnerability Under Active Exploitation
Security researchers at Huntress have confirmed active exploitation of a critical remote code execution vulnerability in Wing FTP Server, designated CVE-2025-47812, with the first observed attack occurring just one day after the vulnerability’s public disclosure. The flaw affects versions before…
British Man Sentenced for Network Rail Wi-Fi Hack
The man was handed a suspended prison sentence for offenses relating to the hack of Network Rail public Wi-Fi, exposing customers to offensive messaging This article has been indexed from www.infosecurity-magazine.com Read the original article: British Man Sentenced for Network…
Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques
SLOW#TEMPEST malware uses dynamic jumps and obfuscated calls to evade detection. Unit 42 details these techniques and how to defeat them with emulation. The post Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques appeared first on Unit…
IT Giant Ingram Micro Restores Operations After Ransomware Attack
Ingram Micro Holding Corporation (NYSE: INGM), a global leader in IT distribution and technology solutions, has announced that it has successfully restored operations across all countries and regions following a ransomware attack identified on certain internal systems. The incident, first…
CISA Issues 13 New Advisories on Industrial Control System Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released thirteen new Industrial Control Systems (ICS) advisories, spotlighting a range of security vulnerabilities and potential exploits affecting critical infrastructure components. These advisories are a vital resource for organizations relying on ICS technologies,…
CISA Alerts on Active Exploits Targeting Citrix NetScaler ADC and Gateway Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding active exploitation of a newly discovered vulnerability in Citrix NetScaler ADC and Gateway systems, with organizations facing an immediate deadline to implement protective measures. The vulnerability, designated…
UK Online Safety Act ‘not up to scratch’ on misinformation, warn MPs
Last summer’s riots show how some content can be harmful but not illegal The Online Safety Act fails to tackle online misinformation, leaving the UK in need of further regulation to curb the viral spread of false content, a report…
Rockerbox Data Leak – 245,949 User Records Exposed Including SSNs and Driver’s Licenses
The Rockerbox breach burst onto the threat-intelligence radar in early July 2025 when an unencrypted, 286.9 GB cloud repository holding 245,949 highly sensitive records was found openly indexed on the internet. Investigators traced the trove to Rockerbox, a Dallas-based tax-credit…
Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities
The Apache Software Foundation has released Apache HTTP Server version 2.4.64, addressing eight critical security vulnerabilities that affected versions spanning from 2.4.0 through 2.4.63. This latest update resolves a range of issues, including HTTP response splitting, server-side request forgery (SSRF),…
AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets
Advanced Micro Devices has disclosed a series of critical security vulnerabilities affecting multiple generations of its processor architectures, stemming from transient scheduler attacks that exploit speculative execution mechanisms. The vulnerabilities, identified through four distinct Common Vulnerabilities and Exposures (CVE) entries,…