140/68 Friday, April 11, 2025 The Office of the Comptroller of the Currency (OCC), an agency under the U.S. Department of the Treasury, has confirmed a serious email security breach that remained undetected for over a year. The incident involved unauthorized access to more than 103 staff email accounts through a compromised administrator account, which […]
139/68 Friday, April 11, 2025 Cybersecurity and international policy experts are warning that newly announced U.S. import tariffs may inadvertently worsen the global cyber threat landscape—particularly if the measures lead to economic downturns. A potential recession could drive organizations to cut cybersecurity budgets, leaving them more vulnerable to cybercrime and state-sponsored espionage. Despite a temporary […]
138/68 Thursday, April 10, 2025 WhatsApp has released a patch for a newly discovered vulnerability, CVE-2025-30401, affecting WhatsApp for Windows versions prior to 2.2450.6. This spoofing vulnerability allows attackers to send malicious file attachments disguised with a fake MIME type, tricking users into believing the files are safe—such as images or documents—when in reality, opening […]
137/68 Thursday, April 10, 2025 Fortinet has released a critical security patch addressing a vulnerability in FortiSwitch that could allow an attacker to change the administrator password without authentication. Tracked as CVE-2024-48887, the flaw carries a CVSS severity score of 9.3 out of 10, indicating a critical risk. According to Fortinet, the vulnerability stems from […]
136/68 Wednesday, April 9, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457 to its Known Exploited Vulnerabilities (KEV) Catalog, after confirming active exploitation of the flaw in Ivanti products, including Connect Secure, Policy Secure, and Neurons for ZTA Gateways. The vulnerability is a stack-based buffer overflow in Apache Tomcat, which can […]
135/68 Wednesday, April 9, 2025 Researchers have discovered that the APT group ToddyCat, suspected to be linked to China, is exploiting a now-patched vulnerability (CVE-2024-11859) in ESET antivirus software to stealthily load and execute malware on target systems. The vulnerability, fixed in January 2024, stems from insecure DLL search order handling, allowing attackers to trick […]
134/68 Tuesday, April 8, 2025 Oracle has confirmed a data breach incident and has begun privately notifying affected customers. While the company appears to be downplaying the severity of the breach, a hacker going by the alias rose87168 claims to have accessed millions of records from Oracle Cloud, including encrypted credentials for over 140,000 users. […]
133/68 Tuesday, April 8, 2025 A growing SMS phishing campaign is targeting users by impersonating E-ZPass and other toll collection agencies such as FasTrak and the Florida Turnpike. Victims are receiving fraudulent iMessages and SMS messages designed to steal personal and credit card information. The messages typically claim that the recipient has unpaid toll fees […]
132/68 Friday, April 4, 2025 Cybersecurity researchers at Kaspersky have issued a warning about a new version of the Triada trojan that has been found embedded in the firmware of counterfeit Android smartphones designed to imitate popular models. The malware activates as soon as the device is set up for the first time. According to […]
131/68 Friday, April 4, 2025 Cisco has released patches for two critical security vulnerabilities that could lead to Denial-of-Service (DoS) attacks targeting Meraki MX and Meraki Z devices, as well as the Enterprise Chat and Email (ECE) platform. The first flaw, CVE-2025-20212, affects the VPN AnyConnect server and allows an authenticated attacker to force the […]
