A significant vulnerability recently disclosed in Kubernetes has raised alarms due to its potential for enabling remote code execution with elevated privileges. This vulnerability, labeled as CVE-2023-5528, affects all kubelet versions from 1.8.0 onwards and has been assigned a CVSS score of 7.2, indicating its severity. According to Akamai security…
SonicWall has issued a critical alert regarding active exploitation efforts targeting a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices. This vulnerability affects both physical and virtual SMA 100 10.x devices, covering models such as the SMA 200, 210, 400, 410, and 500v. This issue came to…
Ecuador’s Data Breach: A Major Security Incident Exposes Personal Information of Millions In a staggering breach of data security, Ecuador has experienced what is being labeled as the largest data leak in the nation’s history. Authorities apprehended the general manager of the IT consulting firm Novaestrat following the revelation that…
Fraud Management & Cybercrime, Governance & Risk Management, Patch Management Highlights: npm Packages Breach, FBI Fraud Alert, CISO Dismissal at Campbell’s Pooja Tikekar (@PoojaTikekar) • November 27, 2025 Image Source: Shutterstock/ISMG ISMG compiles weekly cybersecurity incidents and breaches globally. This week highlights a critical vulnerability in Oracle that is being…
Data Breach at Mixpanel Exposes OpenAI User Information A recent data breach at Mixpanel Inc., a prominent data analytics provider, has resulted in the exposure of account information belonging to some users of OpenAI Group PBC. This incident was disclosed by OpenAI on Wednesday, highlighting the potential risks associated with…
Cybersecurity Warning: Malicious Ads Target Chinese Users of Notepad++ and VNote Recent reports indicate a concerning trend wherein Chinese users searching for legitimate software such as Notepad++ and VNote are being targeted by malicious advertisements. These ads lead to fraudulent links that distribute trojanized versions of the software, culminating in…
Recent cyber operations attributed to state-sponsored Iranian threat actors underline a sustained focus on collecting sensitive information on individuals that may jeopardize the stability of the Islamic Republic. The targets include dissidents, opposition forces, supporters of ISIS, and Kurdish natives, as evidenced by two coordinated cyber campaigns. The latest findings…
DoorDash Confirms Major Data Breach Affecting Nearly 5 Million Users DoorDash, the prominent food delivery service based in San Francisco, has reported a significant data breach that affects approximately 4.9 million users, including customers, delivery workers, and merchants. The breach, which occurred on May 4, 2019, was only identified by…
Blockchain & Cryptocurrency, Cybercrime, Cybercrime as-a-Service Public-Private Collaboration Essential for Ransomware Response, Asserts Anne Neuberger Akshaya Asokan (asokan_akshaya) • November 27, 2025 Anne Neuberger, former Deputy NSA for Cyber and Emerging Technologies, White House (Image: ISMG) At a recent event in London, Anne Neuberger, former Deputy National Security Adviser for…
