CISA Warns of Critical Vulnerability in Train Brake Systems: Remote Disruption Possible Using $500 Radio

256/68 Wednesday, July 16, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability, CVE-2025-1727, affecting End-of-Train (EoT) and Head-of-Train (HoT) systems—wireless communication platforms used to control train braking operations. The flaw, categorized under Weak Authentication (CWE-1390), could allow a malicious actor to remotely send spoofed brake commands […]

ThaiCERT

July 16, 2025

Critical eSIM Vulnerability in Kigen’s eUICC Cards Puts Billions of IoT Devices at Risk

255/68 Wednesday, July 16, 2025 Cybersecurity researchers from Security Explorations have disclosed a major vulnerability in eSIM technology used in Kigen’s eUICC cards, potentially exposing billions of IoT devices worldwide to malicious attacks. The flaw stems from the use of test profiles defined by the GSMA TS.48 standard, specifically version 6.0 and earlier, which allows […]

ThaiCERT

July 16, 2025

Wing FTP Server Vulnerability Exploited Within Hours of Technical Disclosure

254/68 Tuesday, July 15, 2025 Cybersecurity experts are warning of a critical vulnerability tracked as CVE-2025-47812, which has been actively exploited in the wild. The flaw affects Wing FTP Server software and carries a maximum CVSS severity score of 10.0. This vulnerability allows unauthenticated remote code execution (RCE) with root or SYSTEM privileges. Alarmingly, exploitation […]

ThaiCERT

July 15, 2025

Beware of North Korean IT Job Seeker Infiltration Targeting Global Companies

253/68 Tuesday, July 15, 2025 The global cybersecurity community is facing a rising threat from a covert operation involving fake IT workers linked to the North Korean government. These operatives are infiltrating international companies by applying for remote engineering and software development roles. Using seemingly legitimate résumés, they claim experience at top global firms or […]

ThaiCERT

July 15, 2025

Fortinet Patches Critical CVE-2025-25257 SQL Injection Vulnerability in FortiWeb

252/68 Monday, July 14, 2025 Fortinet has released a patch to address a critical vulnerability, tracked as CVE-2025-25257, with a CVSS severity score of 9.6/10. The flaw affects FortiWeb devices and allows unauthenticated attackers to send specially crafted SQL commands via HTTP or HTTPS requests, potentially granting unauthorized access to the database or allowing execution […]

ThaiCERT

July 14, 2025

Over 64 Million McDonald’s Job Applications at Risk Due to Default Password “123456”

251/68 Monday, July 14, 2025 Cybersecurity researchers have discovered a critical vulnerability in McHire, the chatbot-powered hiring platform used by McDonald’s to recruit employees across the United States. The flaw exposed personal data and chat conversations from over 64 million job applications, primarily due to the system’s admin panel using weak default credentials—both the username […]

ThaiCERT

July 14, 2025

Hackers Use C&M Employee Credentials to Steal Over $140 Million from Brazilian Banks

250/68 Wednesday, July 9, 2025 A group of hackers has stolen more than $140 million USD from six banks in Brazil by exploiting the credentials of an employee at C&M, a financial connectivity solutions provider. The incident occurred on June 30, when attackers tricked a C&M employee into handing over login information and executing specific […]

ThaiCERT

July 9, 2025

Beware of SEO Poisoning Attacks: Over 8,500 SMB Victims Tricked into Installing Malware

249/68 Wednesday, July 9, 2025 Cybersecurity experts from Arctic Wolf and Zscaler have issued warnings about an ongoing SEO poisoning campaign, where cybercriminals manipulate Google search results to lure users, especially small and medium-sized businesses (SMBs), into downloading malware disguised as legitimate software. The primary malware used in this campaign is Oyster Loader (also known as […]

ThaiCERT

July 9, 2025

Shoppers Warned Ahead of Prime Day After Over 1,000 Fake Amazon Domains Detected

247/68 Tuesday, July 8, 2025 Cybersecurity experts from Check Point have issued a warning to online shoppers about cybercriminals targeting the upcoming Amazon Prime Day, which will take place on July 8. The warning follows the discovery that over 1,000 fake domains mimicking “Amazon” and “Amazon Prime” were registered in June alone. Of these, more […]

ThaiCERT

July 8, 2025