Endpoint Security, Internet of Things Security Unauthenticated Vulnerabilities Enable Complete Remote Code Execution Prajeet Nair (@prajeetspeaks) • July 30, 2025 A Dahua Hero C1 smart camera. (Image: Dahua) Unauthenticated attackers can remotely control Dahua Hero C1 smart cameras by exploiting…
The Rising Threat of Shadow AI: A Growing Challenge for Organizations Organizations are increasingly facing a hidden risk known as Shadow AI, a phenomenon that has been tagged as a staggering $670,000 issue that many aren’t even aware exists. Recent…
June 23, 2025
Hacktivism / Cyber Warfare
The U.S. government has issued a warning regarding possible cyber attacks from pro-Iranian groups in response to airstrikes on Iranian nuclear facilities, a key development in the ongoing Iran–Israel conflict that began on June 13, 2025. The Department of Homeland Security (DHS) highlighted a “heightened threat environment,” indicating that cyber actors are poised to target U.S. networks.
According to the DHS bulletin, “Low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and actors linked to the Iranian government may also initiate attacks.” The department emphasized that both hacktivists and Iranian state-affiliated actors frequently exploit inadequately secured U.S. networks and internet-connected devices for disruptive cyber operations. This alert follows President Donald Trump’s announcement of U.S. military airstrikes on three Iranian nuclear sites at Fordo, Natanz, and…
DHS Issues Alert on Potential Cyber Threats from Pro-Iranian Hackers Following Military Strikes On June 23, 2025, the Department of Homeland Security (DHS) issued a warning regarding an increased risk of cyber-attacks from pro-Iranian hacker groups. This alert follows the…
The infamous INC Ransomware group has asserted responsibility for a significant data breach involving Dollar Tree, a prominent American retail chain recognized for offering products primarily at $1.25 or lower. Despite its budget-friendly pricing strategy, Dollar Tree ranks among Fortune…
Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Senator Maintains Hold on Trump’s CISA Nominee Amid Report Delays Chris Riotta (@chrisriotta)• July 30, 2025 Image: Adam McCullough/Shutterstock The U.S. Cybersecurity and Infrastructure Security Agency (CISA) plans to…
Recent findings indicate that British organizations employing artificial intelligence (AI) in their cybersecurity frameworks are witnessing significant reductions in data breach costs, with savings amounting to hundreds of thousands of pounds. This assertion is supported by the UK-specific segment of…
Hackers Exploit 70+ Microsoft Exchange Servers to Deploy Keyloggers for Credential Theft
June 24, 2025
Vulnerability / Malware
Unidentified threat actors have been targeting publicly exposed Microsoft Exchange servers to inject malicious code into login pages for credential harvesting. A recent analysis by Positive Technologies revealed two types of JavaScript keyloggers on the Outlook login page: one that saves captured data to a locally accessible file and another that transmits it directly to an external server. The Russian cybersecurity firm reported that these attacks affected 65 victims across 26 countries and continue a campaign first noted in May 2024, which targeted organizations in Africa and the Middle East. Initial findings indicated at least 30 victims among government agencies, banks, IT firms, and educational institutions, with evidence of compromises dating back to 2021. The attack chains exploit known vulnerabilities in Microsoft systems.
Cybersecurity Alert: Hackers Compromise Over 70 Microsoft Exchange Servers to Capture Credentials Date: June 24, 2025 In a concerning development for organizations reliant on Microsoft Exchange, unidentified threat actors have been targeting publicly accessible servers to deploy malicious code on…
Exploitation of Command Line Vulnerability in Gemini CLI Raises Alarm for Users In a recent cybersecurity incident, researcher Cox has identified a significant vulnerability in the Gemini Command Line Interface (CLI). The exploit allows malicious commands to execute without sufficient…
Finance & Banking , Industry Specific , Security Operations New Malware Targets Brazilian Financial Sector Using Microsoft UI Automation Rashmi Ramesh (rashmiramesh_) • July 29, 2025 Image: Shutterstock/ISMG A newly identified variant of the Coyote banking Trojan has…
Data Breach in Women’s Safety App Sparks Cybersecurity Concerns In a troubling turn of events, the women-only dating safety app known as Tea has experienced significant security breaches that have exposed sensitive user data. Initially conceived as a platform for…
