287/68 Friday, August 8, 2025 Infoblox, a leading DNS threat intelligence firm, has exposed the activities of a global cybercrime syndicate known as “VexTrio Viper.” This group has been distributing fake mobile applications through both the Google Play Store and Apple App Store under various developer names such as HolaCode, LocoMind, Hugmi, and Klover Group. […]
286/68 Thursday, August 7, 2025 On July 24, 2025, Cisco disclosed a data breach involving a third-party-managed Customer Relationship Management (CRM) system. The breach was caused by a vishing (voice phishing) attack, in which a malicious actor impersonated a trusted individual and contacted a Cisco employee via phone, ultimately gaining access to a subset of […]
285/68 Thursday, August 7, 2025 Cisco Talos has disclosed five critical security vulnerabilities in Broadcom’s BCM5820X chips, which are used in over 100 models of Dell computers – particularly in enterprise-focused devices like Dell Latitude and Precision. These systems often feature ControlVault3, a dedicated security subsystem used to store sensitive data such as passwords, fingerprint […]
284/68 Wednesday, August 6, 2025 French luxury fashion brand Chanel is the latest victim in an ongoing data theft campaign targeting organizations using Salesforce systems. The breach was discovered on July 25, 2025, when unauthorized access was detected in Chanel’s customer database hosted on a third-party provider. The company later confirmed that the incident involved […]
283/68 Wednesday, August 6, 2025 The latest 2025 Threat Hunting Report from CrowdStrike reveals that hacker groups around the world – both state-sponsored and cybercriminal (eCrime) – are increasingly leveraging Generative AI (GenAI) to enhance the sophistication and effectiveness of their cyberattacks. These AI-driven threats are expanding across areas such as social engineering, malware development, […]
282/68 Tuesday, August 5, 2025 Lovense has urgently released patches to address two critical vulnerabilities after a security researcher known as “BobDaHacker” revealed that the flaws could allow attackers to remotely take over user accounts and expose email addresses-all without needing a password. The first vulnerability stemmed from the app transmitting user email addresses without […]
281/68 Tuesday, August 5, 2025 The Lazarus Group, a hacking collective linked to the North Korean government, has once again been exposed for evolving its tactics-this time leveraging open-source software to distribute malware. Cybersecurity firm Sonatype recently reported the discovery of so-called “shadow downloads”—malicious files masquerading as popular software development tools embedded in over 200 […]
280/68 Monday, August 4, 2025 Researchers at Nextron Systems have discovered a new malware strain called “Plague,” which embeds itself as a PAM (Pluggable Authentication Module) on Linux systems. The malware exploits the PAM framework to bypass standard authentication processes, allowing attackers to maintain persistent SSH access without needing to provide a password. Plague also […]
279/68 Monday, August 4, 2025 Cybersecurity researchers from Arctic Wolf Labs have revealed that the Akira ransomware group has been actively targeting SonicWall SSL VPN systems since mid-July 2025. The attackers are using the VPN service as an entry point into victims’ networks. Notably, some of the affected devices had already been updated with the […]
278/68 Friday, August 1, 2025 Apple has released a security patch to address a zero-day vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), which has been actively exploited in attacks targeting Google Chrome users. The flaw stems from insufficient validation of untrusted data in the ANGLE (Almost Native Graphics Layer Engine) module and GPU components. If […]
