269/68 Friday, July 25, 2025 Cybersecurity experts at Sucuri have uncovered a new tactic used by threat actors to exploit WordPress systems by embedding a backdoor into a special type of plugin known as a “mu-plugin” (Must-Use Plugin). These plugins are placed in the wp-content/mu-plugins directory and are automatically enabled on every WordPress site without […]
268/68 Thursday, July 24, 2025 Cisco has issued a cybersecurity advisory regarding three critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products, which have been actively exploited. All three vulnerabilities carry the maximum CVSS severity score of 10.0 and allow unauthenticated remote code execution (RCE), enabling attackers to take […]
267/68 Thursday, July 24, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a joint advisory on Tuesday warning of a surge in ransomware attacks attributed to the […]
266/68 Wednesday, July 23, 2025 ExpressVPN, one of the world’s leading VPN providers, has released an urgent patch to address a vulnerability in its Windows client software. The issue was discovered when it was found that using the Remote Desktop Protocol (RDP) could cause certain traffic to leak outside the VPN tunnel. This exposed users’ […]
265/68 Wednesday, July 23, 2025 A recent investigation by cybersecurity firm Group-IB has revealed the growing prevalence of cybercriminal networks leveraging “fake receipt generators” available through a platform called MaisonReceipts. This website offers fraudulent receipts mimicking over 21 well-known retail brands across the United States, the United Kingdom, and the European Union. The service is […]
264/68 Tuesday, July 22, 2025 Hewlett-Packard Enterprise (HPE) has issued a security advisory regarding critical vulnerabilities in Aruba Instant On Access Points, Wi-Fi devices designed for small to medium-sized businesses. A hardcoded password was discovered in the firmware of affected devices, allowing unauthorized attackers to bypass authentication and access the Web Interface without admin privileges. […]
263/68 Tuesday, July 22, 2025 On July 18, 2025, CrushFTP disclosed an active zero-day exploitation of a critical vulnerability tracked as CVE-2025-54309, with a CVSS severity score of 9.0. The flaw stems from improper AS2 verification handling in the disabled DMZ Proxy feature, allowing remote attackers to escalate privileges to admin access via HTTPS protocol. […]
262/68 Monday, July 21, 2025 Japan’s cybersecurity authorities, in collaboration with Europol and the FBI, have released a free decryption tool for victims of the Phobos and 8Base ransomware strains, allowing affected users to recover their encrypted files without paying ransom. The tool is available for download on the Japanese Police Agency’s website and the […]
261/68 Monday, July 21, 2025 Cybersecurity researchers have uncovered details about “Massistant,” a mobile forensic analysis tool used by Chinese law enforcement to extract data from confiscated smartphones. Developed by SDIC Intelligence Xiamen Information Co., Ltd.-formerly known as Meiya Pico-the tool reflects the company’s specialization in electronic data forensics and network security technologies. According to […]
260/68 Friday, July 18, 2025 Luxury fashion brand Louis Vuitton has officially confirmed that the data breach affecting customer information in the United Kingdom, South Korea, and Turkey originated from the same incident. The company suspects a connection to the notorious ransomware group ShinyHunters, which has a track record of attacking major organizations worldwide. According […]
