October 21, 2025Ravie LakshmananCyber Espionage / Network Security A European telecommunications company has reportedly fallen victim to a cyber intrusion attributed to a threat actor associated with the China-linked group known as Salt Typhoon. This incident, as reported by Darktrace, took place during the first week of July 2025. Attackers…
Critical Vulnerability Discovered in SailPoint’s IdentityIQ Software A significant security vulnerability has been identified in SailPoint’s IdentityIQ identity and access management (IAM) software, potentially exposing sensitive data stored in application directories. The flaw, designated CVE-2024-10905, carries a maximum CVSS score of 10.0, highlighting its critical severity. This vulnerability affects various…
Stealth Malware Campaign Targets Middle Eastern Entities A sophisticated malware campaign has been uncovered, targeting government bodies, military organizations, law firms, and financial institutions predominantly in the Middle East. Initiated as early as 2019, the campaign leverages malicious Microsoft Excel and Word documents to infiltrate victim networks. Kaspersky, a Russian…
Could the portrayal of heists in entertainment be more than mere fiction? The French television series Lupin recently seemed to foreshadow a dramatic theft at the Louvre, which unfolded on the morning of October 19. This incident saw professional thieves executing a meticulously planned break-in at one of the world’s…
In a significant security breach, JumpCloud has confirmed that a sophisticated nation-state actor infiltrated its systems, targeting a select group of its customers. Shortly following a reset of API keys for affected clients, Bob Phan, Chief Information Security Officer (CISO) at JumpCloud, stated, “The adversary gained unauthorized access to our…
Endpoint Security, Litigation, Standards, Regulations & Compliance U.S. Court Bars NSO Group from WhatsApp and Orders Destruction of Hacking Code Chris Riotta (@chrisriotta) • October 20, 2025 Image: Shutterstock/NSO Group/ISMG A significant legal ruling from a U.S. district court has permanently restricted Israeli spyware firm NSO Group from utilizing its…
Cybersecurity Incident: Dodo and iPrimus Email Accounts Compromised In a recent incident, Vocus Group has confirmed a significant data breach affecting its telecommunications brands, Dodo and iPrimus. The breach has led to the unauthorized access of approximately 1,600 Dodo email accounts and subsequent SIM swap fraud affecting 34 Dodo Mobile…
Critical Vulnerability Discovered in Veeam Service Provider Console Veeam has issued immediate security updates addressing a significant vulnerability within its Service Provider Console (VSPC). This flaw poses a serious risk, enabling potential remote code execution on vulnerable systems. The vulnerability, designated as CVE-2024-42448, has been assigned a critical CVSS score…
A recent phishing campaign has emerged, leveraging socially engineered SMS messages to deliver malware to Android devices. This operation appears to impersonate Iranian governmental and social security entities, aiming to extract credit card information and facilitate financial theft from victims’ bank accounts. In contrast to other forms of banking malware,…
