Critical Security Flaw in Ivanti Products Under Active Exploitation Ivanti has issued a warning regarding a severe security vulnerability affecting its Ivanti Connect Secure, Policy Secure, and ZTA Gateways, which has been subject to active exploitation since mid-December 2024. The vulnerability, identified as CVE-2025-0282, has been assigned a high CVSS…
A recently identified hacking group has been associated with targeted cyber operations against human rights activists, academics, and legal professionals in India. This activity appears aimed at implanting false digital evidence against these individuals. The cybersecurity firm SentinelOne has linked these attacks to a group it monitors under the name…
Attack Surface Management, Security Operations Attackers Access Server Files and Compromise Credentials in Gladinet CentreStack and Triofox Anviksha More (AnvikshaMore) • October 10, 2025 Image: Zakharchuk/Shutterstock Recent research reveals that hackers are exploiting a vulnerability that allows unauthorized access to critical files in file-sharing and remote-access applications, including Gladinet CentreStack…
Microsoft has issued a warning about a sophisticated scam known as “Payroll Pirate,” which is currently targeting employees by redirecting their paycheck deposits into accounts controlled by fraudsters. This attack begins with the compromise of employee profiles on platforms like Workday or other cloud-based HR services. The scammers initiate the…
John Hanley of IBM Security outlines four crucial insights from the widely recognized annual Cost of a Data Breach Report 2023. Overview of the IBM Cost of a Data Breach Report The annual IBM Cost of a Data Breach Report serves as a pivotal resource for organizations seeking to understand…
Shuffle, a prominent player in the crypto betting sector, has announced a significant data breach that compromised the personal information of a substantial portion of its user base. The source of this breach has been traced back to Fast Track, Shuffle’s customer relationship management (CRM) provider, which itself exhibited security…
Cybercriminals are exploiting a recently identified vulnerability affecting GFI KerioControl firewalls. This flaw, if successfully leveraged, may enable remote code execution (RCE) by malicious actors. The vulnerability, listed as CVE-2024-52875, pertains to a carriage return line feed (CRLF) injection attack, which can facilitate HTTP response splitting. Such an exploit may…
A sophisticated botnet known as PseudoManuscrypt has been actively targeting Windows systems in South Korea since May 2021, employing tactics similar to those used by the malware CryptBot. This trend has raised significant concerns within the cybersecurity community. A report from the South Korean cybersecurity firm AhnLab Security Emergency Response…
Encryption & Key Management, Fraud Management & Cybercrime, Governance & Risk Management Medusa Ransomware Group Linked to Exploitation of Recently Patched Zero-Day Vulnerability Mathew J. Schwartz (euroinfosec) • October 10, 2025 Image: Shutterstock/ISMG Recent cyberattacks have targeted Fortra’s GoAnywhere managed file transfer software, primarily affecting on-premises setups where the management…
