Recent findings indicate that threat actors are exploiting a critical vulnerability in SAP NetWeaver, allowing them to upload JSP-based web shells for unauthorized file uploads and code execution. This development poses a significant risk to enterprises relying on SAP solutions, especially given that many of the affected systems were already…
In a significant escalation of cyber warfare, a joint report by Google’s Threat Analysis Group (TAG) and Mandiant reveals that Russian cyber attacks against Ukraine surged by 250% in 2022 compared to two years prior. This dramatic increase coincided with Russia’s military invasion of Ukraine in February 2022, focusing on…
Data Privacy, Data Security EU General Court Upholds Trans-Atlantic Data Transfer Framework Akshaya Asokan (asokan_akshaya) • September 3, 2025 Underwater scenery in the Atlantic Ocean. (Image: Johan Holmdahl/Shutterstock) The European Union General Court has ruled against a French politician’s attempt to annul the legal structure facilitating commercial data transfers between…
Potential Security Breach Due to Misissued TLS Certificates A recent alarming security discovery has raised concerns about the vulnerabilities inherent in the public key infrastructure (PKI) supporting internet trust. The precise details surrounding the organization or individual responsible for acquiring unauthorized credentials remain unclear, as representatives from Fina have not…
Cybersecurity researchers have revealed 46 critical security vulnerabilities in products provided by three prominent solar power system manufacturers: Sungrow, Growatt, and SMA. These vulnerabilities may allow malicious actors to commandeer affected devices or execute remote code, posing significant risks to electrical grid stability. Designated as SUN:DOWN by Forescout Vedere Labs,…
Cybersecurity firm Zscaler has reported a significant data breach that has compromised customer contact information. This breach occurred when unauthorized individuals gained access to Zscaler’s Salesforce database utilizing compromised credentials from a third-party application. The incident is part of a wider campaign that specifically targeted Salesloft Drift, a marketing automation…
Recent cybersecurity reports have illuminated the activities of an initial access broker (IAB) known as ToyMaker, which has been linked to facilitating access for ransomware groups, including the notorious CACTUS. This IAB has been observed actively scanning for vulnerabilities in systems, as well as deploying bespoke malware identified as LAGTOY,…
Cybersecurity Alert: Indian Government Entities Targeted by Advanced Spear-Phishing Campaign A recent spear-phishing operation has emerged, targeting various entities within the Indian government, aiming to deploy an updated version of a malicious backdoor known as ReverseRAT. This campaign has been attributed to the cyber threat group SideCopy, which has direct…
Data Breach Notification, Data Privacy, Data Security Ransomware Group Nova Threatens to Expose Patient Data Amid Ongoing Negotiations Marianne Kolbasuk McGee (HealthInfoSec) • September 3, 2025 Dutch medical lab Clinical Diagnostics, part of Eurofins Scientific, indicates a recent hacking incident has impacted approximately 941,000 participants in a Netherlands cervical cancer…
