490/68 Wednesday, November 26, 2025 Harvard University has disclosed a data breach affecting its Alumni Affairs and Development (AAD) system, which was compromised through a voice phishing (vishing) attack. The incident allowed unauthorized access to personal information of alumni, donors, students, staff, and related individuals. The breach was detected on November 18, 2025, and Harvard […]
489/68 Wednesday, November 26, 2025 A new and more sophisticated wave of ClickFix cyberattacks has been detected, leveraging highly convincing full-screen browser windows that mimic authentic Windows Update animations or authentication prompts. These fake screens are used to socially engineer victims into following instructions that ultimately execute malicious commands silently copied into the clipboard and […]
488/68 Tuesday, November 25, 2025 SonicWall has issued a security advisory regarding a high-severity buffer overflow vulnerability in the SonicOS SSLVPN service, identified as CVE-2025-40601 (CVSS 7.5). The flaw allows unauthenticated remote attackers to trigger a Denial-of-Service (DoS) condition, causing Gen7 and Gen8 firewalls to reboot or stop functioning. The vulnerability affects only devices with […]
487/68 Tuesday, November 25, 2025 Spanish airline Iberia has issued a customer alert regarding a data breach after a third-party service provider linked to the airline’s systems was hacked, resulting in unauthorized access to certain customer information. The attackers claim to possess up to 77 GB of data related to the airline. As Spain’s flag […]
486/68 Tuesday, November 25, 2025 Cybersecurity researchers from ThreatFabric have announced the discovery of a new and highly sophisticated Android malware variant named “Sturnus” on November 20, 2025. It is classified as a high-risk threat due to its advanced capabilities, which surpass those of typical malware. The most alarming feature is its ability to completely […]
485/68 Monday, November 24, 2025 Security researchers are warning about a long-running cyber-espionage campaign-active for nearly three years-that leverages supply-chain attacks and multiple infection techniques to distribute the “BadAudio” malware to a wide range of targets. The attackers spread the malware through website compromises, embedding malicious code into files from partner companies, and highly targeted […]
484/68 Monday, November 24, 2025 SolarWinds has released a security update addressing three critical vulnerabilities in its Serv-U File Transfer Solution that could allow attackers to execute arbitrary code remotely (Remote Code Execution – RCE). All vulnerabilities affect Serv-U version 15.5.2.2.102 and have been fixed in version 15.5.3. Details of the patched vulnerabilities include: SolarWinds […]
483/68 Monday, November 24, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle Identity Manager vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming that attackers are actively exploiting it in the wild. The flaw, CVE-2025-61757, carries a CVSS score of 9.8/10 and stems from an authentication validation failure. It […]
482/68 Friday, November 21, 2025 Researchers have uncovered a cyberattack campaign known as Operation WrtHug, which targets older and near end-of-life (EOL) ASUS routers-over 50,000 devices worldwide-with the goal of creating a massive botnet. The largest concentrations of compromised devices were found in Taiwan, the United States, and Russia. Most affected routers were using ASUS […]
481/68 Friday, November 21, 2025 NHS England Digital has issued an alert regarding a security vulnerability in the 7-Zip file archiving software, identified as CVE-2025-11001 (CVSS 7.0), which is now being actively exploited. The flaw allows attackers to execute arbitrary code remotely (RCE). The 7-Zip development team has already released a fix in version 25.00, […]
