367/68 Friday, September 26, 2025 Italian company Libraesva, developer of the Email Security Gateway (ESG) solution, has issued a security advisory regarding vulnerability CVE-2025-59689, which has been actively exploited by nation-state hackers through specially crafted compressed email attachments. The flaw allows attackers to execute command injection on the system under a non-privileged user account. The […]
366/68 Friday, September 26, 2025 The Python Software Foundation (PSF) has issued a warning about a new phishing campaign targeting Python developers and project maintainers. Threat actors have created fake websites impersonating the Python Package Index (PyPI) – the official repository for Python packages – tricking users into verifying their account credentials under the guise […]
365/68 Thursday, September 25, 2025 Security researchers have warned that the Operation Rewrite campaign is deploying BadIIS malware to conduct SEO poisoning attacks, targeting East Asia and Southeast Asia, particularly Vietnam. The goal is to manipulate search engine rankings, tricking users into visiting compromised websites that then redirect them to spam sites or unwanted content […]
364/68 Thursday, September 25, 2025 SolarWinds has released a hotfix to address a critical vulnerability tracked as CVE-2025-26399 (CVSS 9.8) affecting Web Help Desk. If successfully exploited, the flaw could allow attackers to perform remote code execution (RCE) on affected servers. The vulnerability stems from the deserialization of untrusted data within the AjaxProxy module and […]
363/68 Thursday, September 25, 2025 The U.S. Secret Service announced on Tuesday that it had seized a network of illegal electronic devices deployed across the New York area, which had been used to threaten U.S. government officials and posed a serious national security risk. The operation resulted in the confiscation of over 300 SIM servers […]
362/68 Wednesday, September 24, 2025 The Steam gaming platform has once again become a vector for cyberattacks after it was discovered that the verified game BlockBlasters was secretly embedding cryptodrainer malware designed to steal digital assets. Attackers employed a strategy of releasing what appeared to be a safe game with positive reviews at first, only […]
361/68 Wednesday, September 24, 2025 Cybersecurity firm Silent Push has revealed the discovery of a new malware strain named CountLoader, deployed by Russian cybercriminal groups linked to LockBit, BlackBasta, and Qilin. CountLoader functions as a malware loader, a program designed to serve as an initial access point for installing other types of malware – including […]
360/68 Wednesday, September 24, 2025 Cyber threats have entered a new era driven by artificial intelligence (AI), pushing the Zero Trust security model – built on the principle of “never trust, always verify” – to face critical challenges. While Zero Trust remains a strong framework for preventing unauthorized access and minimizing damage through network segmentation, […]
359/68 Tuesday, September 23, 2025 Security researchers have discovered that North Korean hackers (DPRK) are leveraging the ClickFix technique to trick job seekers in marketing and cryptocurrency trading roles into installing the BeaverTail and InvisibleFerret malware. The campaign, part of the Contagious Interview operation (also tracked as Gwisin Gang) under the Lazarus Group, began in […]
358/68 Tuesday, September 23, 2025 Fortra, the developer of Managed File Transfer (MFT) solutions, has released a patch to address a critical vulnerability (CVSS Score 10.0) in its GoAnywhere MFT software, tracked as CVE-2025-10035. The flaw is a deserialization vulnerability within the License Servlet, which allows attackers to craft a malicious License Response Signature and […]
