280/68 Monday, August 4, 2025 Researchers at Nextron Systems have discovered a new malware strain called “Plague,” which embeds itself as a PAM (Pluggable Authentication Module) on Linux systems. The malware exploits the PAM framework to bypass standard authentication processes, allowing attackers to maintain persistent SSH access without needing to provide a password. Plague also […]
279/68 Monday, August 4, 2025 Cybersecurity researchers from Arctic Wolf Labs have revealed that the Akira ransomware group has been actively targeting SonicWall SSL VPN systems since mid-July 2025. The attackers are using the VPN service as an entry point into victims’ networks. Notably, some of the affected devices had already been updated with the […]
278/68 Friday, August 1, 2025 Apple has released a security patch to address a zero-day vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), which has been actively exploited in attacks targeting Google Chrome users. The flaw stems from insufficient validation of untrusted data in the ANGLE (Almost Native Graphics Layer Engine) module and GPU components. If […]
277/68 Friday, August 1, 2025 Following the enforcement of the UK’s Online Safety Act, which came into effect last Friday, VPN (Virtual Private Network) usage across the country has skyrocketed. The new law requires websites to strictly verify users’ ages, prompting a massive surge in VPN traffic. According to Top10VPN, VPN usage in the UK […]
276/68 Thursday, July 31, 2025 On July 28, 2025, pro-Ukrainian hacker groups Silent Crow and the Belarusian Cyber-Partisans claimed responsibility for a major cyberattack targeting Russia’s flagship airline Aeroflot, which crippled the company’s IT systems and forced the cancellation of over 100 flights. The Aeroflot website became inaccessible, and the Russian government later confirmed it […]
275/68 Thursday, July 31, 2025 Cybersecurity researchers from Graz University of Technology in Austria have unveiled a novel attack technique called “Choicejacking,” which tricks smartphones into enabling USB data transfer without user consent, bypassing protections originally designed to prevent Juice Jacking attacks. By simply plugging a phone into a compromised public charger or USB cable […]
274/68 Wednesday, July 30, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has issued an official advisory regarding a critical vulnerability-CVE-2023-2533-in PaperCut NG/MF software, which is actively being exploited in cyberattacks. This vulnerability enables remote code execution through Cross-Site Request Forgery (CSRF), allowing an attacker to gain control of a system if an administrator-while still […]
273/68 Wednesday, July 30, 2025 Security researchers from Patchstack have disclosed a critical vulnerability in the popular Post SMTP plugin for WordPress, which is used by over 400,000 websites globally to manage email delivery. The flaw, tracked as CVE-2025-24000, stems from a Broken Access Control issue that allows unauthorized access to sensitive data by low-privileged […]
272/68 Tuesday, July 29, 2025 International law enforcement agencies have taken down the .onion websites operated by the BlackSuit ransomware group, which were used to leak victim data via the TOR network. A seizure banner displayed on the sites confirms the operation was led by U.S. Homeland Security Investigations (HSI), featuring logos from 17 international […]
271/68 Tuesday, July 29, 2025 Cybersecurity researchers from Nozomi Networks have disclosed the discovery of more than 12 vulnerabilities in the Niagara Framework, an intelligent device management system developed by Tridium, a subsidiary of Honeywell. These vulnerabilities could be exploited by attackers within the same network, especially when misconfigurations leave encryption disabled. When chained together, […]
