Cybersecurity Articles

264/68 Tuesday, July 22, 2025 Hewlett-Packard Enterprise (HPE) has issued a security advisory regarding critical vulnerabilities in Aruba Instant On Access Points, Wi-Fi devices designed for small to medium-sized businesses. A hardcoded password was discovered in the firmware of affected devices, allowing unauthorized attackers to bypass authentication and access the Web Interface without admin privileges. […]

263/68 Tuesday, July 22, 2025 On July 18, 2025, CrushFTP disclosed an active zero-day exploitation of a critical vulnerability tracked as CVE-2025-54309, with a CVSS severity score of 9.0. The flaw stems from improper AS2 verification handling in the disabled DMZ Proxy feature, allowing remote attackers to escalate privileges to admin access via HTTPS protocol. […]

262/68 Monday, July 21, 2025 Japan’s cybersecurity authorities, in collaboration with Europol and the FBI, have released a free decryption tool for victims of the Phobos and 8Base ransomware strains, allowing affected users to recover their encrypted files without paying ransom. The tool is available for download on the Japanese Police Agency’s website and the […]

261/68 Monday, July 21, 2025 Cybersecurity researchers have uncovered details about “Massistant,” a mobile forensic analysis tool used by Chinese law enforcement to extract data from confiscated smartphones. Developed by SDIC Intelligence Xiamen Information Co., Ltd.-formerly known as Meiya Pico-the tool reflects the company’s specialization in electronic data forensics and network security technologies. According to […]

260/68 Friday, July 18, 2025 Luxury fashion brand Louis Vuitton has officially confirmed that the data breach affecting customer information in the United Kingdom, South Korea, and Turkey originated from the same incident. The company suspects a connection to the notorious ransomware group ShinyHunters, which has a track record of attacking major organizations worldwide. According […]

259/68 Friday, July 18, 2025 Cybersecurity researchers have uncovered a new strain of malware, “BADBOX 2.0,” which has been found pre-installed in over one million Android-based IoT devices across 222 countries. This dangerous malware turns smart devices into proxy nodes in a global botnet, enabling cybercriminals to conduct large-scale fraud and malicious cyber activities. Due […]

258/68 Thursday, July 17, 2025 Belk, a major U.S. department store chain, has confirmed it was the target of a cyberattack between May 7–11, 2025. According to the company’s statement, unauthorized actors gained access to internal systems and exfiltrated sensitive company documents. The ransomware group “DragonForce” has claimed responsibility for the attack, stating it stole […]

257/68 Thursday, July 17, 2025 Cloudflare has released its Q2 2025 threat report, revealing that it mitigated over 7.3 million Distributed Denial-of-Service (DDoS) attacks during the quarter. Although this marks a drop from 20.5 million attacks in Q1, the severity of attacks has sharply increased. Notably, “hyper-volumetric DDoS” attacks-those involving massive data volumes-rose to 6,500 […]

256/68 Wednesday, July 16, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability, CVE-2025-1727, affecting End-of-Train (EoT) and Head-of-Train (HoT) systems—wireless communication platforms used to control train braking operations. The flaw, categorized under Weak Authentication (CWE-1390), could allow a malicious actor to remotely send spoofed brake commands […]

255/68 Wednesday, July 16, 2025 Cybersecurity researchers from Security Explorations have disclosed a major vulnerability in eSIM technology used in Kigen’s eUICC cards, potentially exposing billions of IoT devices worldwide to malicious attacks. The flaw stems from the use of test profiles defined by the GSMA TS.48 standard, specifically version 6.0 and earlier, which allows […]