Cybersecurity Articles

142/68 Thursday, April 17, 2025 A critical security vulnerability, CVE-2025-24859, has been disclosed in Apache Roller, a popular Java-based open-source blogging server. The flaw, which affects versions ≤6.1.4, has been assigned the maximum CVSS score of 10.0, indicating its severity. The vulnerability stems from unsafe session management, allowing authenticated sessions to remain active even after […]

141/68 Thursday, April 17, 2025 Cybersecurity researchers at CloudSEK have uncovered a sophisticated malware campaign involving a fake version of the legitimate site PDFCandy[.]com, designed to trick users into downloading ArechClient2, an info-stealing malware from the SectopRAT family active since 2019. The campaign relies on malicious Google Ads and fake software update prompts to distribute […]

140/68 Friday, April 11, 2025 The Office of the Comptroller of the Currency (OCC), an agency under the U.S. Department of the Treasury, has confirmed a serious email security breach that remained undetected for over a year. The incident involved unauthorized access to more than 103 staff email accounts through a compromised administrator account, which […]

139/68 Friday, April 11, 2025 Cybersecurity and international policy experts are warning that newly announced U.S. import tariffs may inadvertently worsen the global cyber threat landscape—particularly if the measures lead to economic downturns. A potential recession could drive organizations to cut cybersecurity budgets, leaving them more vulnerable to cybercrime and state-sponsored espionage. Despite a temporary […]

138/68 Thursday, April 10, 2025 WhatsApp has released a patch for a newly discovered vulnerability, CVE-2025-30401, affecting WhatsApp for Windows versions prior to 2.2450.6. This spoofing vulnerability allows attackers to send malicious file attachments disguised with a fake MIME type, tricking users into believing the files are safe—such as images or documents—when in reality, opening […]

137/68 Thursday, April 10, 2025 Fortinet has released a critical security patch addressing a vulnerability in FortiSwitch that could allow an attacker to change the administrator password without authentication. Tracked as CVE-2024-48887, the flaw carries a CVSS severity score of 9.3 out of 10, indicating a critical risk. According to Fortinet, the vulnerability stems from […]

136/68 Wednesday, April 9, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457 to its Known Exploited Vulnerabilities (KEV) Catalog, after confirming active exploitation of the flaw in Ivanti products, including Connect Secure, Policy Secure, and Neurons for ZTA Gateways. The vulnerability is a stack-based buffer overflow in Apache Tomcat, which can […]

135/68 Wednesday, April 9, 2025 Researchers have discovered that the APT group ToddyCat, suspected to be linked to China, is exploiting a now-patched vulnerability (CVE-2024-11859) in ESET antivirus software to stealthily load and execute malware on target systems. The vulnerability, fixed in January 2024, stems from insecure DLL search order handling, allowing attackers to trick […]

134/68 Tuesday, April 8, 2025 Oracle has confirmed a data breach incident and has begun privately notifying affected customers. While the company appears to be downplaying the severity of the breach, a hacker going by the alias rose87168 claims to have accessed millions of records from Oracle Cloud, including encrypted credentials for over 140,000 users. […]

133/68 Tuesday, April 8, 2025 A growing SMS phishing campaign is targeting users by impersonating E-ZPass and other toll collection agencies such as FasTrak and the Florida Turnpike. Victims are receiving fraudulent iMessages and SMS messages designed to steal personal and credit card information. The messages typically claim that the recipient has unpaid toll fees […]