International Agencies Seize BlackSuit Ransomware Group’s Darknet Sites

272/68 Tuesday, July 29, 2025 International law enforcement agencies have taken down the .onion websites operated by the BlackSuit ransomware group, which were used to leak victim data via the TOR network. A seizure banner displayed on the sites confirms the operation was led by U.S. Homeland Security Investigations (HSI), featuring logos from 17 international […]

ThaiCERT

July 29, 2025

Vulnerabilities in Niagara Framework Pose Global Risk to Smart Buildings and Industrial Systems

271/68 Tuesday, July 29, 2025 Cybersecurity researchers from Nozomi Networks have disclosed the discovery of more than 12 vulnerabilities in the Niagara Framework, an intelligent device management system developed by Tridium, a subsidiary of Honeywell. These vulnerabilities could be exploited by attackers within the same network, especially when misconfigurations leave encryption disabled. When chained together, […]

ThaiCERT

July 29, 2025

Sophos Patches Critical Vulnerabilities in Sophos Firewall

270/68 Friday, July 25, 2025 Sophos has released fixes for five vulnerabilities affecting its Sophos Firewall product, including two critical flaws that could allow unauthenticated remote code execution (RCE), potentially enabling attackers to gain full control over affected devices. The vulnerabilities addressed include: Sophos confirmed that all five vulnerabilities have been addressed via a hotfix. […]

ThaiCERT

July 25, 2025

Hackers Exploit Mu-Plugins in WordPress to Maintain Administrator Access

269/68 Friday, July 25, 2025 Cybersecurity experts at Sucuri have uncovered a new tactic used by threat actors to exploit WordPress systems by embedding a backdoor into a special type of plugin known as a “mu-plugin” (Must-Use Plugin). These plugins are placed in the wp-content/mu-plugins directory and are automatically enabled on every WordPress site without […]

ThaiCERT

July 25, 2025

Cisco Warns of Critical ISE RCE Vulnerabilities Actively Exploited in the Wild

268/68 Thursday, July 24, 2025 Cisco has issued a cybersecurity advisory regarding three critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products, which have been actively exploited. All three vulnerabilities carry the maximum CVSS severity score of 10.0 and allow unauthenticated remote code execution (RCE), enabling attackers to take […]

ThaiCERT

July 24, 2025

FBI and CISA Warn of Escalating Interlock Ransomware Attacks Targeting Critical Infrastructure

267/68 Thursday, July 24, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a joint advisory on Tuesday warning of a surge in ransomware attacks attributed to the […]

ThaiCERT

July 24, 2025

Warning! Fake Receipt Services Fueling the Rise of Online Fraud

265/68 Wednesday, July 23, 2025 A recent investigation by cybersecurity firm Group-IB has revealed the growing prevalence of cybercriminal networks leveraging “fake receipt generators” available through a platform called MaisonReceipts. This website offers fraudulent receipts mimicking over 21 well-known retail brands across the United States, the United Kingdom, and the European Union. The service is […]

ThaiCERT

July 23, 2025

HPE Warns of Critical Vulnerabilities in Aruba Access Points That Could Be Exploited

264/68 Tuesday, July 22, 2025 Hewlett Packard Enterprise (HPE) has issued a security advisory regarding critical vulnerabilities in Aruba Instant On Access Points, Wi-Fi devices designed for small to medium-sized businesses. A hardcoded password was discovered in the firmware of affected devices, allowing unauthorized attackers to bypass authentication and access the Web Interface without admin privileges. […]

ThaiCERT

July 22, 2025

Hackers Exploit Critical CrushFTP Vulnerability to Gain Admin Access on Unpatched Servers

263/68 Tuesday, July 22, 2025 On July 18, 2025, CrushFTP disclosed active zero-day exploitation of a critical vulnerability tracked as CVE-2025-54309, with a CVSS severity score of 9.0. The flaw stems from improper AS2 verification handling when the DMZ Proxy feature is disabled, allowing remote attackers to escalate privileges to admin access via HTTPS. […]

ThaiCERT

July 22, 2025