On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of four critical security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This move was prompted by clear evidence indicating that these vulnerabilities are currently being exploited in active attacks. The vulnerabilities identified are significant and warrant…
In recent weeks, the Chinese state-sponsored hacking group known as Override Panda has made headlines again, launching a sophisticated phishing campaign aimed at acquiring sensitive information. This resurgence focuses on utilizing spear-phishing tactics to compromise targeted entities. According to a report by Cluster25, this threat actor leveraged a spear-phishing email…
Identity & Access Management, Security Operations Machine Identities Surpass Human Ones, Yet Accountability Remains Inadequate Rashmi Ramesh (rashmiramesh_) • September 29, 2025 Image: Shutterstock The rapidly growing segment of users within enterprises often goes unnoticed in human resources systems. This group primarily operates through service accounts, API keys, bots, and…
A significant cybersecurity breach has been reported involving the Federal Emergency Management Agency (FEMA), where a hacker accessed its computer networks for several months earlier this year, subsequently stealing sensitive information pertaining to FEMA and U.S. Customs and Border Protection (CBP) employees. This incident highlights the vulnerabilities of critical government…
Critical Security Flaw Discovered in Veeam Backup Software Veeam has issued essential patches to rectify a critical vulnerability in its Backup software, which poses significant risks by allowing malicious actors to execute arbitrary code on compromised systems. This vulnerability, identified as CVE-2025-23114, has been rated with a high CVSS score…
Ukraine’s Computer Emergency Response Team (CERT-UA) has raised alarms regarding a wave of phishing attacks utilizing a potent information-stealing malware named Jester Stealer. This malware is deployed through a mass email campaign designed to compromise systems of unsuspecting users. The phishing emails, which carry the subject line “chemical attack,” contain…
Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) Global Cybersecurity Agencies Urge Comprehensive OT Inventories to Mitigate Threats Chris Riotta (@chrisriotta) • September 29, 2025 Image: Shutterstock In a proactive measure, global cybersecurity agencies are advising critical infrastructure operators to take stock of their operational technology environments. While…
Concerns Emerge Over Privacy Risks Linked to Tile Trackers Tile trackers, employed by over 88 million users globally to locate items such as keys and pets, are facing scrutiny following revelations by researchers from the Georgia Institute of Technology. According to a study, design vulnerabilities within Tile’s tracking technology may…
In a significant move, the U.S. Securities and Exchange Commission (SEC) has filed charges against four companies—Avaya, Check Point, Mimecast, and Unisys—for failing to provide accurate disclosures about a cyberattack that originated from the SolarWinds breach in 2020. This extensive cyber incident raised alarms across the technology sector and has…
