A significant security vulnerability, identified as a cross-site scripting (XSS) flaw, has been exploited in a widely-used virtual tour framework, allowing cybercriminals to inject harmful scripts into hundreds of websites. This malicious activity aims to manipulate search results and promote spam advertising on a large scale. According to a report…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported the addition of two critical vulnerabilities to its Known Exploited Vulnerabilities Catalog, both linked to severe weaknesses within Zimbra Collaboration software. These flaws have shown substantial evidence of active exploitation, posing significant risks to affected email servers. The vulnerabilities…
Fraud Management & Cybercrime, Ransomware Service Disruptions Persist at Major European Airports Following Recent Cyberattack Akshaya Asokan (asokan_akshaya) • September 22, 2025 Flight cancellations at Brussels International Airport on May 4, 2010. (Image: Shutterstock) In a significant cyber incident categorized as a ransomware attack, several major European airports, including London…
Credential Stealer Targets LastPass Users via Malicious Ads Recent reports have surfaced regarding a cybersecurity threat involving malicious advertisements that impersonate various online services, with a particular focus on users of the LastPass password manager. Security firms have alerted the public about this campaign, which aims to infect Mac computers…
Recent investigations have unveiled a serious vulnerability within Google’s “Sign in with Google” authentication system, which can be exploited through a peculiar loophole in domain ownership. This flaw potentially allows unauthorized users to access sensitive data associated with former employees of defunct companies. Dylan Ayrey, co-founder and CEO of Truffle…
Stellantis, the multinational automotive corporation behind brands such as Citroën, FIAT, Jeep, Chrysler, and Peugeot, has disclosed a data breach impacting its North American customers. This incident highlights significant vulnerabilities in third-party service provider networks associated with customer service operations. On Sunday, Stellantis reported the detection of unauthorized access to…
Recent investigations have unveiled that cybercriminals have exploited a critical vulnerability in the BioNTdrv.sys driver of Paragon Partition Manager, leveraging it in ransomware attacks to escalate privileges and execute unauthorized code. This significant zero-day vulnerability, classified as CVE-2025-0289, is part of a broader set of five vulnerabilities identified by Microsoft…
Recent investigations by cybersecurity firms SEKOIA and Trend Micro have uncovered a new campaign led by the Chinese threat actor known as Lucky Mouse. This operation involves deploying a compromised version of the MiMi chat application, which serves as a vector for backdoor attacks on systems across multiple platforms. The…
Recent revelations highlight a critical vulnerability within the healthcare sector, where millions of medical devices are at risk due to inadequate security measures, including default credentials and weak passwords. Soufian El Yadmani, CEO and co-founder of Modat, shared insights from recent research indicating that these security misconfigurations expose sensitive medical…
