Cybersecurity Articles

80/68 Thursday, February 27, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities—CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile Product Lifecycle Management (PLM)—to its Known Exploited Vulnerabilities (KEV) catalog. The details of these vulnerabilities are as follows: To mitigate the risks associated with these vulnerabilities, Federal Civilian Executive Branch (FCEB) […]

79/68 Thursday, February 27, 2025 Have I Been Pwned (HIBP), a data breach notification service, has added over 284 million stolen accounts to its database after discovering the data being shared on a Telegram channel named “ALIEN TXTBASE”—a repository for credentials stolen by info-stealing malware. Troy Hunt, the founder of HIBP, revealed that the dataset […]

78/68 Wednesday, February 26, 2025 Researchers from CYFIRMA have discovered a malicious app called “Finance Simplified” on Google Play, which is infected with the SpyLend malware. This malware targets users in India, masquerading as a financial calculator while actually functioning as an illegal loan app. It exploits users’ personal data for blackmail and extortion. Within […]

77/68 Wednesday, February 26, 2025 Security researchers from SecurityScorecard have discovered that over 130,000 compromised devices are being used in a large-scale password-spraying attack targeting Microsoft 365 accounts. The attackers leverage a technique called “Non-Interactive Sign-Ins”, which bypasses multi-factor authentication (MFA), making it easier to evade security defenses. Additionally, they utilize stolen credentials obtained from […]

75/68 Tuesday, February 25, 2025 Google Cloud has announced the launch of digital signatures designed to protect against quantum computer attacks within its Cloud Key Management Service (Cloud KMS), now available for trial. This initiative is part of Google’s effort to prepare for future threats, as quantum computers may potentially break traditional encryption methods. The […]

74/68 Monday, February 24, 2025 The crypto exchange platform Bybit experienced the largest hack in history, with hackers stealing over $1.5 billion worth of cryptocurrency from the company’s cold wallets. The hackers used a technique to spoof the signing interface, redirecting transactions to untraceable addresses. This incident surpasses previous major hacks such as Ronin Network […]

73/68 Monday, February 24, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about Ghost Ransomware, a ransomware group linked to China that is rapidly spreading across more than 70 countries worldwide. This group is notable for its ability to escalate from initial network access to a full-scale attack within just […]

72/68 Friday, February 21, 2025 Researchers from the Qualys Threat Research Unit (TRU) have discovered two vulnerabilities in OpenSSH that could allow attackers to exploit systems through Man-in-the-Middle (MitM) and Denial-of-Service (DoS) attacks. The first vulnerability, CVE-2025-26465 (CVSS 6.8), affects the OpenSSH Client, enabling attackers to intercept SSH connections, leading to MitM attacks, which pose […]

71/68 Friday, February 21, 2025 Security researchers from Wordfence have disclosed a critical vulnerability (CVE-2025-0366) in the Jupiter X Core plugin, which is used on over 90,000 websites. The vulnerability was discovered on January 6, 2025, and has been assigned a severity score of 8.8 out of 10 based on the CVSS standard. This flaw […]

70/68 Thursday, February 20, 2025 Juniper Networks has released a patch to address a critical vulnerability, CVE-2025-21589, which has been assigned a CVSS severity score of 9.8. This vulnerability allows attackers to bypass authentication processes and gain control over affected devices. It impacts Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Routers across […]