Cybersecurity Articles

300/68 Wednesday, August 20, 2025 Xerox has released patches to address two high-severity vulnerabilities: CVE-2025-8355 (XXE Injection) and CVE-2025-8356 (Path Traversal) in its FreeFlow Core platform, which is used for Print Automation and Workflow Management. Both vulnerabilities allow unauthenticated attackers to perform remote code execution (RCE). A research team from Horizon3 discovered the flaws. They […]

299/68 Wednesday, August 20, 2025 Cybercriminals are deploying a new tactic by impersonating Google Support through emails or phone calls that claim “someone is trying to hack your account”, urging users to immediately reset their password. Victims then receive a separate account reset email. When the user logs in and shares a verification code, attackers […]

298/68 Tuesday, August 19, 2025 Colt Technology Services, a UK-headquartered telecommunications provider, is facing a multi-day service disruption following a ransomware attack carried out by the WarLock group on August 12. Affected services include Hosting, Porting, Colt Online, and Voice API, with the company’s IT team currently working to restore impacted systems. Initially, Colt described […]

297/68 Tuesday, August 19, 2025 A threat actor using the alias Chucky_BF has reportedly advertised a massive database allegedly containing PayPal login credentials on a cybercrime forum. The data set, dubbed the “Global PayPal Credential Dump 2025,” is over 1.1 GB in size and includes more than 15.8 million records of plain-text email and password […]

296/68 Monday, August 18, 2025 Researchers from Trustwave SpiderLabs have issued a warning regarding a new attack campaign by the threat group EncryptHub (also known as LARVA-208 or Water Gamayun). The group is leveraging the CVE-2025-26633 vulnerability, also known as “MSC EvilTwin,” found in Microsoft Management Console (MMC), in combination with social engineering tactics to […]

295/68 Monday, August 18, 2025 Cybersecurity experts have issued warnings about a new cyber threat called “Man-in-the-Prompt”, which can compromise popular artificial intelligence (AI) platforms such as ChatGPT, Gemini, Copilot, and Claude. This attack does not require complex techniques but instead leverages browser extensions that can access the Document Object Model (DOM) of web pages. […]

294/68 Friday, August 15, 2025 Fortinet has issued a warning regarding a critical vulnerability, identified as CVE-2025-25256, which has received a CVSS severity score of 9.8. The vulnerability is currently under active exploitation targeting FortiSIEM systems. It is classified as an OS Command Injection vulnerability that allows unauthenticated attackers to execute arbitrary commands via specially […]

293/68 Friday, August 15, 2025 Kaspersky has issued a warning about the widespread infection of the Efimer Trojan malware, first discovered in October 2024 and still active well into 2025, with over 5,000 victims reported globally. This malware exhibits multiple malicious capabilities, including replacing cryptocurrency wallet addresses to redirect funds to attacker-controlled accounts, brute-forcing WordPress […]

292/68 Thursday, August 14, 2025 The hacker group ShinyHunters has leaked data stolen from U.S. insurance company Allianz Life, exposing personal and business information of over 2.8 million records. This incident is part of a broader campaign targeting Salesforce CRM systems. Allianz Life previously confirmed on July 16 that customer data—affecting approximately 1.4 million individuals—had […]

291/68 Thursday, August 14, 2025 Cybersecurity firm GreyNoise has issued a warning about a significant spike in brute-force attacks targeting Fortinet SSL VPN devices worldwide. These attacks began on August 3, 2025, and involved over 780 unique IP addresses, with more than 56 flagged as malicious in the past 24 hours alone. The attack sources […]