184/68 Wednesday, May 21, 2025 Mozilla has released a security update for its Firefox browser to address two zero-day vulnerabilities that were exploited during the Pwn2Own Berlin 2025 hacking contest. These flaws could allow attackers to access sensitive data or execute malicious code in memory, and the exploits earned researchers a combined $100,000 in prize […]
183/68 Wednesday, May 21, 2025 Cybersecurity experts from WithSecure have issued a warning about a cyberattack campaign involving a fake version of the popular password manager KeePass. Attackers modified the open-source KeePass code to create a trojanized version called “KeeLoader”, which retains the full functionality of the original software but secretly includes malicious code. This […]
182/68 Tuesday, May 20, 2025 The U.S. Federal Bureau of Investigation (FBI) has issued a warning about a cyberattack campaign involving smishing (SMS phishing) and AI-generated deepfake voice messages (vishing) aimed at current and former federal and state government officials. Threat actors are impersonating high-ranking U.S. officials—such as cabinet secretaries or agency directors—to trick victims […]
181/68 Tuesday, May 20, 2025 Cybersecurity experts have uncovered a serious threat to global energy infrastructure after discovering undocumented components—so-called “kill switches”—embedded in electrical inverters manufactured in China. These include hidden cellular modems, raising concerns that China could remotely disable power grid systems, especially during times of conflict. Such an attack could cause widespread blackouts […]
180/68 Monday, May 19, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming they are being actively exploited. These include flaws in Google Chromium, DrayTek Vigor routers, and SAP NetWeaver. Details of the vulnerabilities: CISA emphasized that mitigating KEV-listed vulnerabilities is […]
179/68 Monday, May 19, 2025 Dynamic DNS (DDNS) services, originally designed to conveniently map frequently changing IP addresses to domain names, are increasingly being exploited by cybercriminal groups such as Scattered Spider and various phishing actors. These groups use rented subdomains from DDNS providers to disguise malicious activity and spoof identities, making detection and tracking […]
178/68 Friday, May 16, 2025 Fortinet has released a patch to fix a critical zero-day vulnerability that was actively exploited in FortiVoice Enterprise, an enterprise VoIP (voice over IP) system. The vulnerability, tracked as CVE-2025-32756, is a stack-based buffer overflow flaw that allows unauthenticated remote attackers to execute arbitrary code or commands via specially crafted […]
177/68 Friday, May 16, 2025 Researchers have uncovered a new ad fraud network named Kaleidoscope, targeting Android users with unskippable ads that cause significant disruption and frustration. Traditionally, ad fraud mainly affects advertisers, who pay for impressions or clicks that are not genuine—often generated by bots or deceptive tricks. These malicious activities typically run in […]
176/68 Thursday, May 15, 2025 Adobe has released its scheduled Patch Tuesday security updates, addressing more than 39 vulnerabilities across various products. The company issued warnings about the risk of remote code execution (RCE), which could allow attackers to gain unauthorized access to systems or escalate privileges. The most critical updates affect Adobe ColdFusion, with […]
175/68 Thursday, May 15, 2025 Ivanti has issued an urgent security advisory urging customers to immediately update their Endpoint Manager Mobile (EPMM) software after discovering two critical vulnerabilities that can be chained together to allow unauthenticated remote code execution by attackers. The first vulnerability, CVE-2025-4427, is an authentication bypass on the EPMM API that enables […]
