Barracuda Warns of Zero-Day Vulnerability Targeting Email Security Gateway Cybersecurity provider Barracuda has issued a cautionary statement regarding a zero-day vulnerability exploited to compromise its Email Security Gateway (ESG) appliances. This issue, identified as CVE-2023-2868, is characterized as a remote code injection flaw that affects multiple versions of the software,…
U.S. Government Charges Iranian Hackers in Major Academic Data Breach The United States Department of Justice has unveiled criminal charges against nine Iranian individuals accused of orchestrating a widespread hacking campaign targeting universities, technology firms, and government entities across the globe. The hacking attempts aimed to steal vital scientific research…
In a concerning development for global cybersecurity, Xiaomi, China’s leading smartphone manufacturer and the third largest in the world, has come under scrutiny for allegedly transmitting sensitive user data, such as IMEI numbers, phone numbers, and text messages, back to servers in Beijing. This revelation has raised significant alarm, particularly…
Governance & Risk Management, Zero Trust New NSA Recommendations Call for Ongoing Access Reviews and Overhauls in Implementation Chris Riotta (@chrisriotta) • February 2, 2026 NSA Headquarters located at Fort Meade, Maryland. (Image: NSA) The National Security Agency (NSA) has updated its mandates for federal agencies regarding the implementation of…
Los Angeles Law Firm Wisner Baum Faces Lawsuit Following Data Breach In a significant development in the realm of cybersecurity, the Los Angeles-based plaintiffs’ firm Wisner Baum has reportedly been sued in connection with a recent data breach that has raised serious concerns among its clientele and stakeholders. The lawsuit…
Critical Vulnerability Discovered in Expo.io’s OAuth Implementation A significant security flaw has been uncovered in the Open Authorization (OAuth) framework utilized by Expo.io, a popular application development platform. This vulnerability, identified as CVE-2023-28131, has been assigned a severe risk rating of 9.6 on the Common Vulnerability Scoring System (CVSS). According…
New Android Trojan Disguises Itself as Antivirus Threatening User Security Security experts from Cisco Talos have identified a new variant of an Android Trojan, disguised as a fraudulent antivirus application named “Naver Defender.” This malware, known as KevDroid, is a remote administration tool (RAT) capable of compromising Android devices by…
Exploitation of Notepad++ Vulnerabilities Raises Concerns Recent disclosures have highlighted significant vulnerabilities associated with Notepad++, the widely used text editor. Beaumont has elucidated that if an attacker can intercept and manipulate traffic directed to the Notepad++ download, they can redirect it to any location by altering the URL in the…
Cybersecurity Alert: Protecting Against Holiday Shopping Scams As the holiday shopping season approaches, encompassing the bustling days of Black Friday and Cyber Monday, an increased risk of cyber criminal activity emerges, prompting urgent attention from both consumers and retailers alike. This year, Black Friday falls on November 28, 2014, followed…