Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Network Firewalls, Network Access Control Researchers Sound Alarm Over Misconfigured Customer Network Edge Devices Mathew J. Schwartz (euroinfosec) • December 16, 2025 Image: xfilephotos/Shuttertstock Cybersecurity experts have issued a warning regarding the vulnerabilities posed by misconfigured network edge devices, emphasizing that these…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Network Firewalls, Network Access Control Misconfigured Customer Network Edge Devices Under Attack, Researchers Warn Mathew J. Schwartz (euroinfosec) • December 16, 2025 Image: xfilephotos/Shutterstock Cybersecurity experts are sounding the alarm as Russian hackers exploit misconfigured network-edge devices to facilitate unauthorized access into…
Cisco Addresses Critical Vulnerability in Unity Connection Software Cisco has announced the availability of software updates in response to a significant security vulnerability affecting its Unity Connection platform. This vulnerability, identified as CVE-2024-20272, has been assigned a CVSS score of 7.3, indicating a critical level of risk. The issue stems…
In a troubling development for the cybersecurity landscape, Visa has alerted the public to a JavaScript web skimmer called Baka. Concurrently, a group of researchers from ETH Zurich has identified a critical authentication vulnerability in Visa’s EMV-enabled payment cards, which could be exploited by cybercriminals to unlawfully extract funds from…
In a significant cybersecurity incident, Reddit recently confirmed a data breach occurring in June that compromised user information, including current email addresses and data from a 2007 backup that contains usernames and hashed passwords. This breach appears to be a reaction from an aggrieved party dissatisfied with Reddit’s account ban…
Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Vercel Issues Warning: Two Additional Vulnerabilities in React Server Components Urgently Require Patching Mathew J. Schwartz (@euroinfosec) • December 15, 2025 Image: Shutterstock/React/ISMG Experts warn that the React2Shell vulnerability is being exploited en masse by state-sponsored attackers connected to China, North…
Deadline Approaching for AT&T Customers to Claim Compensation AT&T customers are nearing the end of their opportunity to receive compensation related to a significant data breach that has impacted numerous individuals. This incident has raised substantial concerns regarding the security measures in place and the responsibility of companies to protect…
Recent developments in cybersecurity reveal a critical vulnerability affecting the Apache OfBiz open-source Enterprise Resource Planning (ERP) system. Researchers at VulnCheck have successfully created proof-of-concept (PoC) code exploiting the flaw, identified as CVE-2023-51467. This vulnerability, which carries a CVSS score of 9.8, allows attackers to execute a memory-resident payload, potentially…
New Timing Vulnerability Discovered in TLS: Raccoon Attack A recent study has revealed a significant timing vulnerability affecting the Transport Layer Security (TLS) protocol, potentially allowing attackers to compromise encryption and access sensitive communications under specific scenarios. Researchers have labeled this exploit the “Raccoon Attack,” targeting server-side operations in TLS…
