admin

admin

  • Joined: September 10, 2024
  • Articles: 4624

Iranian State-Sponsored Hackers Target U.S. Energy and Transportation Infrastructure

April 19, 2023
Cyber Threat / SCADA

A subgroup of Iranian state-backed hackers, identified as Mint Sandstorm, has been implicated in a series of attacks against critical U.S. infrastructure from late 2021 to mid-2022. According to Microsoft’s Threat Intelligence team, this group demonstrates a high level of technical expertise, with the ability to create custom tools and rapidly exploit known vulnerabilities. Their operational focus aligns closely with Iran’s national interests, targeting seaports, energy firms, transit systems, and a major U.S. utility and gas company. These cyber activities are believed to be retaliatory, stemming from prior attacks on Iran’s maritime, railway, and gas station payment systems between May 2020 and late 2021. Iran has alleged that these earlier attacks were orchestrated by Israel and the U.S. to incite domestic unrest.

Iranian State-Sponsored Hackers Target U.S. Energy and Transportation Sectors April 19, 2023 Recent investigations have revealed a troubling pattern of cyberattacks linked to an Iranian government-backed group known as Mint Sandstorm. These attacks, which occurred intermittently from late 2021 to…

Ontic Raises $230M to Expand Connected Security Platform

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Physical Security Firm Targets Insider Risks with Federal Growth and AI Automation Michael Novinson (@MichaelNovinson) • August 25, 2025 Manish Mehta, Chief Solutions and Innovation Officer at Ontic (Image: Ontic)…

Severe Vulnerability in Commvault Command Center Allows Remote Code Execution

April 24, 2025
Data Breach / Vulnerability

A significant security vulnerability has been identified in the Commvault Command Center, posing a risk for arbitrary code execution on compromised systems. This flaw, designated CVE-2025-34028, has a high CVSS score of 9.0 out of 10. Commvault indicated in an advisory released on April 17, 2025, that the vulnerability permits remote attackers to run arbitrary code without authentication, potentially leading to full system compromise. It affects the 11.38 Innovation Release, covering versions 11.38.0 to 11.38.19, and has been patched in versions 11.38.20 and 11.38.25. Sonny Macdonald, a researcher at watchTowr Labs who discovered and reported the issue on April 7, 2025, noted that it could be exploited for pre-authenticated remote code execution.

Critical Flaw in Commvault Command Center Exposes Systems to Remote Code Execution On April 17, 2025, Commvault alerted its users to a significant security vulnerability within the Command Center, designated as CVE-2025-34028. This flaw poses a severe risk, allowing remote…

Microsoft OneDrive File Picker Vulnerability Allows Full Access to Cloud Storage When Uploading a Single File

May 28, 2025
Data Privacy / Vulnerability

Cybersecurity researchers have identified a serious security flaw in Microsoft’s OneDrive File Picker. If exploited, this vulnerability could enable websites to gain access to a user’s entire cloud storage, rather than just the files intended for upload. According to the Oasis Research Team’s report to The Hacker News, the issue arises from overly broad OAuth scopes and unclear consent screens that do not adequately communicate the level of access being granted. This flaw poses significant risks, including potential customer data leaks and violations of compliance regulations. Affected applications may include ChatGPT, Slack, Trello, and ClickUp, all of which integrate with Microsoft’s cloud service. The core of the problem lies in the excessive permissions required by the OneDrive File Picker, which requests read access to the entire drive, even when only a single file is selected for upload, due to a lack of fine-grained permission controls.

Security Flaw in Microsoft OneDrive File Picker Exposes Users to Potential Data Breaches May 28, 2025 Recent findings from cybersecurity researchers at the Oasis Research Team have unveiled a serious vulnerability within Microsoft’s OneDrive File Picker. This flaw enables websites…

U.S. and U.K. Alert on Russian Hackers Utilizing Cisco Router Vulnerabilities for Espionage

April 19, 2023
Network Security / Cyber Espionage

Cybersecurity and intelligence agencies from the U.S. and U.K. have issued a warning about Russian state-sponsored actors exploiting recently patched vulnerabilities in Cisco networking equipment for reconnaissance and malware deployment against specific targets. These intrusions occurred in 2021 and affected a limited number of entities across Europe, U.S. government agencies, and around 250 Ukrainian victims. The activity has been linked to the threat group APT28, also known as Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, and Sofacy, which is connected to the Russian General Staff Main Intelligence Directorate (GRU). The National Cyber Security Centre (NCSC) noted that APT28 gained access to vulnerable routers using default and weak SNMP community strings, as well as by exploiting CVE-2017-6742, a remote code execution vulnerability with a CVSS score of 8.8.

U.S. and U.K. Governments Alert on Russian Cyber Actors Exploiting Cisco Vulnerabilities On April 19, 2023, cybersecurity and intelligence agencies from the United States and the United Kingdom issued a warning regarding the activities of Russian state-sponsored hackers. These actors…

Nevada State Offices Suspend Services Following Cyber Incident

Incident & Breach Response, Security Operations Nevada Faces Widespread IT Disruption, Leading to Service Suspension Chris Riotta (@chrisriotta) • August 25, 2025 Image: Alexander Lukatskiy/Shutterstock Nevada state agencies have suspended several in-person services as a result of a network security…

159 CVEs Reported Exploited in Q1 2025 — 28.3% Targeted Within 24 Hours of Disclosure

April 24, 2025
Vulnerability / Threat Intelligence

In the first quarter of 2025, a total of 159 CVE identifiers have been identified as actively exploited, a rise from 151 in the previous quarter. According to a report from VulnCheck shared with The Hacker News, the pace of exploitation remains rapid, with 28.3% of these vulnerabilities being targeted within a day of their disclosure. This accounts for 45 security flaws weaponized in real-world attacks shortly after being revealed. An additional 14 vulnerabilities were exploited within a month, while another 45 were abused over the course of a year. The majority of these vulnerabilities were found in content management systems (CMS), followed by network edge devices, operating systems, open-source software, and server software. Breakdown includes:

  • Content Management Systems (CMS): 35
  • Network Edge Devices: 29
  • Operating Systems: 24
  • Open Source Software: 14
  • Server Software: 14

159 CVEs Exploited in Q1 2025—28.3% Within 24 Hours of Disclosure April 24, 2025 In the first quarter of 2025, a total of 159 Common Vulnerabilities and Exposures (CVEs) have been identified as actively exploited, a notable increase from 151…