🟡 CVE-2025-43903: NSSCryptoSignBackend.cc in Pop... 🟡 CVE-2025-3796: A vulnerability classified as ... ⚠️ CVE-2025-32953: z80pack is a mature emulator o... 🟡 CVE-2025-3795: A vulnerability was found in D... 🟡 CVE-2025-36625: In Nessus versions prior to 10... 🟡 CVE-2025-32377: Rasa Pro is a framework for bu... 🟢 CVE-2025-25985: An issue in Macro-video Techno... 🟡 CVE-2025-25984: An issue in Macro-video Techno... 🟢 CVE-2025-25983: An issue in Macro-video Techno... 🟡 CVE-2025-28355: Volmarg Personal Management Sy... ⚠️ CVE-2025-24914: When installing Nessus to a no... 🟡 CVE-2025-29513: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-29512: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-1697: A potential security vulnerabi... 🟡 CVE-2024-41447: A stored cross-site scripting ... 🟡 CVE-2025-32796: Dify is an open-source LLM app... 🟡 CVE-2025-32795: Dify is an open-source LLM app... ⚠️ CVE-2025-32792: SES safely executes third-part... ⚠️ CVE-2025-32442: Fastify is a fast and low over... 🔥 CVE-2025-32434: PyTorch is a Python package th... ⚠️ CVE-2025-32389: NamelessMC is a free, easy to ... 🟡 CVE-2025-31120: NamelessMC is a free, easy to ... ⚠️ CVE-2025-31118: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30357: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30158: NamelessMC is a free, easy to ... ⚠️ CVE-2025-29784: NamelessMC is a free, easy to ... 🟡 CVE-2025-27599: Element X Android is a Matrix ... 🟡 CVE-2025-3792: A vulnerability, which was cla... 🟡 CVE-2025-3791: A vulnerability classified as ... 🟡 CVE-2025-2950: IBM i 7.3, 7.4, 7.5, and 7.5 i... ⚠️ CVE-2025-29625: A buffer overflow vulnerabilit... 🟡 CVE-2025-3790: A vulnerability classified as ... 🟡 CVE-2025-3789: A vulnerability was found in b... 🟡 CVE-2025-32790: Dify is an open-source LLM app... 🟡 CVE-2024-46089: 74cms <=3.33 is vulnerable to ... 🟡 CVE-2024-49808: IBM Sterling Connect:Direct We... 🟡 CVE-2024-45651: IBM Sterling Connect:Direct We... 🟡 CVE-2025-3788: A vulnerability was found in b... 🟡 CVE-2025-3787: A vulnerability was found in P... 🟡 CVE-2025-3106: The LA-Studio Element Kit for ... ⚠️ CVE-2025-3786: A vulnerability was found in T... ⚠️ CVE-2025-3785: A vulnerability has been found... 🟡 CVE-2025-3056: The Download Manager plugin fo... 🔥 CVE-2025-2492: An improper authentication con... 🟡 CVE-2025-3783: A vulnerability classified as ... 🟡 CVE-2025-3598: The Coupon Affiliates – Affili... 🟡 CVE-2025-2162: The MapPress Maps for WordPres... 🔥 CVE-2025-1863: Insecure default settings have... 🔥 CVE-2025-39471: Improper Neutralization of Spe... ⚠️ CVE-2025-39470: Path Traversal: '.../...//' vu... ⚠️ CVE-2025-39469: Improper Neutralization of Inp... 🔥 CVE-2025-42599: Active! mail 6 BuildInfo: 6.60... ⚠️ CVE-2025-3520: The Avatar plugin for WordPres... 🟡 CVE-2025-2613: The Login Manager – Design Log... 🟡 CVE-2024-13650: The Piotnet Addons For Element... ⚠️ CVE-2025-25427: A Stored cross-site scripting ... ⚠️ CVE-2025-3509: A Remote Code Execution (RCE) ... ⚠️ CVE-2025-3246: An improper neutralization of ... 🟡 CVE-2025-3124: A missing authorization vulner... 🟢 CVE-2024-42178: HCL MyXalytics is affected by ... 🟡 CVE-2025-3765: A vulnerability, which was cla... 🟡 CVE-2025-3764: A vulnerability classified as ... 🟢 CVE-2024-42177: HCL MyXalytics is affected by ... 🟡 CVE-2025-3763: A vulnerability classified as ... 🟡 CVE-2025-3762: A vulnerability was found in P... 🟡 CVE-2025-29722: A CSRF vulnerability in Commer... 🟡 CVE-2025-28101: An arbitrary file deletion vul... 🔥 CVE-2025-28009: A SQL Injection vulnerability ... 🟢 CVE-2025-26269: DragonflyDB Dragonfly through ... 🟢 CVE-2025-26268: DragonflyDB Dragonfly before 1... ⚠️ CVE-2024-55211: An issue in Think Router Tk-Rt... 🟢 CVE-2021-47671: In the Linux kernel, the follo... ⚠️ CVE-2021-47670: In the Linux kernel, the follo... ⚠️ CVE-2021-47669: In the Linux kernel, the follo... ⚠️ CVE-2021-47668: In the Linux kernel, the follo... 🟢 CVE-2025-32415: In libxml2 before 2.13.8 and 2... ⚠️ CVE-2025-2947: IBM i 7.6  contains a privile... ⚠️ CVE-2025-29661: Litepubl CMS <= 7.0.9 is vulne... ⚠️ CVE-2025-29181: FOXCMS <= V1.25 is vulnerable ... ⚠️ CVE-2025-29180: In FOXCMS <=1.25, the installd... ⚠️ CVE-2025-29039: An issue in dlink DIR 832x 240... ⚠️ CVE-2025-43015: In JetBrains RubyMine before 2... 🟡 CVE-2025-43014: In JetBrains Toolbox App befor... 🟡 CVE-2025-43013: In JetBrains Toolbox App befor... ⚠️ CVE-2025-43012: In JetBrains Toolbox App befor... 🟡 CVE-2025-42921: In JetBrains Toolbox App befor... 🔥 CVE-2025-39596: Weak Authentication vulnerabil... 🔥 CVE-2025-39595: Improper Neutralization of Spe... ⚠️ CVE-2025-39594: Improper Neutralization of Inp... 🔥 CVE-2025-39588: Deserialization of Untrusted D... 🔥 CVE-2025-39587: Improper Neutralization of Spe... ⚠️ CVE-2025-39586: Improper Neutralization of Spe... ⚠️ CVE-2025-39583: Missing Authorization vulnerab... 🟡 CVE-2025-39580: Missing Authorization vulnerab... ⚠️ CVE-2025-39569: Improper Neutralization of Spe... ⚠️ CVE-2025-39568: Improper Limitation of a Pathn... ⚠️ CVE-2025-39567: Improper Neutralization of Inp... 🟡 CVE-2025-39562: Improper Neutralization of Inp... 🟡 CVE-2025-39559: Missing Authorization vulnerab... ⚠️ CVE-2025-39558: Improper Neutralization of Inp...

Information Technology Security Awareness Posts

Senators Warn Pentagon About China's Telecom Hacks

Senators Warn Pentagon About China's Telecom Hacks

U.S. senators have urged the Pentagon to address vulnerabilities in telecommunications infrastructure following the Salt Typhoon espionage campaign, attributed to Chinese state-sponsored hackers. This sophisticated attack targeted telecom networks globally, exposing critical gaps in cybersecurity. Lawmakers are calling for stronger enforcement of security standards and reforms to protect national security. Learn more from The Register and WSJ.

By Cybersecurity Team on December 05, 2024

Cisco Releases Security Updates for NX-OS Software

Cisco Releases Security Updates for NX-OS Software

Cisco has released critical security updates for NX-OS software to address vulnerabilities that could lead to authentication bypass, denial of service, or arbitrary code execution. These flaws pose significant risks to network security. Administrators are urged to review Cisco’s advisories and apply patches immediately to protect systems from potential exploits. Learn more: Cisco Security Advisories

By Cybersecurity Team on December 05, 2024

FBI Urges Telecoms to Enhance Security After China-Backed Hack

FBI Urges Telecoms to Enhance Security After China-Backed Hack

The FBI has issued an urgent warning following a China-backed cyberattack targeting major U.S. telecom providers, compromising call records and live communications. The breach exploited vulnerabilities in CALEA-compliant systems, prompting recommendations for robust encryption, system updates, and cybersecurity education. The attack highlights growing threats to national security and the importance of fortified defenses in critical infrastructure.

By Cybersecurity Team on December 05, 2024

Understanding the Recent T-Mobile Hack

Understanding the Recent T-Mobile Hack

The recent T-Mobile hack, attributed to the Salt Typhoon group linked to China's PLA, highlights critical vulnerabilities in telecommunications infrastructure. The breach raises significant concerns about national security, as hackers may have accessed surveillance tools and sensitive data. This incident underscores the urgent need for robust encryption and advanced cybersecurity measures to protect critical systems. Read more about the implications below.

By Cybersecurity Team on December 03, 2024

North Korean Kimsuky Hackers Exploit Russian Email Services

North Korean Kimsuky Hackers Exploit Russian Email Services

North Korea's Kimsuky hackers are using Russian email services to conduct spear-phishing attacks, targeting think tanks, academics, and media organizations. By impersonating trusted entities, they aim to steal credentials and gather sensitive geopolitical intelligence, aiding North Korea's cyber espionage and weapons programs. Enhanced email security measures and vigilance are essential to counter these threats. Read more: The Hacker News.

By Cybersecurity Team on December 03, 2024

LogoFAIL Exploit: A Critical UEFI Vulnerability

LogoFAIL Exploit: A Critical UEFI Vulnerability

LogoFAIL is a newly discovered UEFI vulnerability that exploits image-parsing components in firmware, enabling attackers to inject malicious payloads through boot-up logos. These flaws allow code execution during the boot process, bypassing protections like Secure Boot and creating persistent, undetectable malware. The exploit affects a wide range of devices and highlights the importance of securing overlooked components.

By Cybersecurity Team on December 02, 2024

NetSupport RAT and RMS in Malicious Emails

NetSupport RAT and RMS in Malicious Emails

NetSupport RAT and RMS are legitimate tools misused in phishing emails for unauthorized remote control. Cybercriminals trick victims into installing them through malicious attachments or scripts, enabling data theft and malware deployment. Recent campaigns exploit advanced tactics like OLE manipulation in Office documents, targeting sectors like healthcare and finance. Vigilance and layered defenses are crucial to combat these threats.

By Cybersecurity Team on December 02, 2024

Understanding "Rockstar 2FA" Phishing-as-a-Service (PaaS)

Understanding "Rockstar 2FA" Phishing-as-a-Service (PaaS)

"Rockstar 2FA" is a Phishing-as-a-Service tool that targets two-factor authentication by intercepting credentials and one-time passwords. It provides hackers with pre-built phishing kits to mimic login and 2FA verification pages, making advanced attacks accessible to novices. The service poses a significant threat to accounts relying solely on 2FA for protection. HENDRY ADRIAN ps://www.hendryadrian.com/rockstar-2fa-a-driving-force-in-phishing-as-a-service-paas/).

By Cybersecurity Team on December 02, 2024

Adversary: Stealth Mango And Tangelo

Adversary: Stealth Mango And Tangelo

"Stealth Mango" and "Tangelo" are both surveillanceware tools that have been identified as part of targeted cyber campaigns.

By Cybersecurity Team on November 30, 2024

Criminals Exploit Game Engine Godot to Distribute Malware

Criminals Exploit Game Engine Godot to Distribute Malware

Cybercriminals are increasingly using the popular game engine Godot as a tool for distributing malware, affecting unsuspecting developers and gamers alike.

By Cybersecurity Team on November 30, 2024

The Mystery of the "Snowflake Hacker": A U.S. Soldier?

The Mystery of the "Snowflake Hacker": A U.S. Soldier?

Recent investigations point toward the possibility that the hacker known as 'Snowflake' could be an active member of the US military.

By Cybersecurity Team on November 30, 2024

INTERPOL Brings Down SilverTerrier Cybercrime Syndicate

INTERPOL Brings Down SilverTerrier Cybercrime Syndicate

INTERPOL and Nigerian authorities have dismantled the SilverTerrier cybercrime syndicate, which orchestrated widespread Business Email Compromise (BEC) scams targeting thousands of organizations worldwide. The operation resulted in multiple arrests and the seizure of key evidence, showcasing the increasing sophistication of global cybercrime. This significant bust underscores the need for stronger cybersecurity measures to defend against evolving threats.

By Cybersecurity Team on November 27, 2024

Critical WordPress Anti-Spam Plugin Flaw Discovered

Critical WordPress Anti-Spam Plugin Flaw Discovered

A critical vulnerability has been discovered in a widely used WordPress anti-spam plugin, putting thousands of websites at risk. Learn how to secure your site.

By Cybersecurity Team on November 26, 2024

What is Glassbridge and Why It’s Important that Google Exposed It

What is Glassbridge and Why It’s Important that Google Exposed It

Google’s exposure of Glassbridge, a network of fake news sites tied to a Chinese-backed influence campaign, highlights the sophistication of digital misinformation. By uncovering these tactics, Google boosts transparency, helping protect users from manipulation and maintaining trust in online news. This move underscores the need to combat disinformation and preserve the integrity of digital platforms.

By Cybersecurity Team on November 25, 2024

The Future of Cybersecurity: Navigating Emerging Threats and Technologies

The Future of Cybersecurity: Navigating Emerging Threats and Technologies

As cybersecurity threats continue to evolve, generative AI, deepfakes, and ransomware are becoming more sophisticated. The rise of Zero Trust models is crucial to defending against internal and external threats. Meanwhile, cloud security and AI-driven defenses are reshaping how businesses protect their networks. These emerging technologies signal a new era in cybersecurity, where innovation must stay ahead of increasingly complex adversaries.

By Cybersecurity Team on November 23, 2024

Finastra Faces Alleged Data Breach: Key Developments and Implications

Finastra Faces Alleged Data Breach: Key Developments and Implications

As cybersecurity threats continue to evolve, generative AI, deepfakes, and ransomware are becoming more sophisticated. The rise of Zero Trust models is crucial to defending against internal and external threats. Meanwhile, cloud security and AI-driven defenses are reshaping how businesses protect their networks. These emerging technologies signal a new era in cybersecurity, where innovation must stay ahead of increasingly complex adversaries.

By Cybersecurity Team on November 23, 2024

Microsoft Takes Down ONNX: A Pioneering Phishing-as-a-Service Threat

Microsoft Takes Down ONNX: A Pioneering Phishing-as-a-Service Threat

Microsoft dismantles the ONNX phishing platform, which enabled attackers to steal credentials and bypass two-factor authentication. Learn about ONNX's capabilities, Microsoft's response, and prevention tips.

By Cybersecurity Team on November 23, 2024

Cyberattack Disrupts IGT Systems: What We Know So Far

Cyberattack Disrupts IGT Systems: What We Know So Far

IGT, a global leader in gaming technology, has been hit by a disruptive cyberattack that has severely impacted its systems and operations. The company is working with experts to address the breach, but the full scale and cause of the attack are still being investigated.

By Cybersecurity Team on November 22, 2024

Navigating the Challenges of Phishing in the Age of AI

Navigating the Challenges of Phishing in the Age of AI

Explore how AI amplifies phishing attacks and learn essential tips to stay safe in the digital age.

By Cybersecurity Team on November 21, 2024

IGT Confirms Cybersecurity Incident, Launches Investigation

IGT Confirms Cybersecurity Incident, Launches Investigation

IGT discovers unauthorized access to its systems and launches investigation into cybersecurity incident. The company is working with external advisors while maintaining service continuity.

By Jerome García : Fact-checked by:Velimir Velichkov on November 21, 2024