A serious vulnerability has been uncovered in Oracle’s enterprise identity management system, posing risks of severe exploitation by remote, unauthenticated attackers. This flaw, identified as CVE-2017-10151, has been given the highest possible CVSS score of 10, indicating it is both critical and easily exploitable without the need for any user…
Governance & Risk Management Presented by ISMG 60 The cybercrime landscape is projected to escalate into a $10.5 trillion industry by 2025, with an annual growth rate of about 15%. Once primarily a concern for large enterprises, mid-sized businesses are increasingly being targeted. Reportedly, nearly half of all cyberattacks are…
Coupang data breach: Culprit identified, all customers’ leaked data deleted In a significant security incident, Coupang, a leading South Korean e-commerce platform, has encountered a severe data breach that has compromised the personal information of over 33 million customers. On December 25, 2025, the company announced that it had successfully…
Recent advisories from the maintainers of ownCloud have revealed three critical vulnerabilities within their open-source file-sharing software that could lead to unauthorized access, data modification, and exposure of sensitive information. These vulnerabilities pose significant risks to users and require immediate attention. The first flaw, identified as CVE-2023-49103, boasts a CVSS…
Malicious Campaign Targeting MS-SQL Servers Discovered by Researchers Cybersecurity experts have identified a prolonged malicious campaign that has been active since May 2018, focusing on Windows machines equipped with MS-SQL servers. The campaign, named “Vollgar” after the Vollar cryptocurrency it mines, is aimed at deploying backdoors and diverse malware, including…
In a troubling development for the retail sector, Forever 21 has announced a payment card data breach affecting its customers. The Los Angeles-based fast-fashion retailer revealed that hackers managed to access payment card information from various store locations, posing a significant cybersecurity risk. The incident was brought to light earlier…
Cryptocurrency Fraud , Finance & Banking , Fraud Management & Cybercrime Also: Trader Loses $50M in USDT Due to Address Poisoning Scam Rashmi Ramesh (@rashmiramesh_) • December 25, 2025 Image: Shutterstock This week, the Information Security Media Group provides a summary of critical cybersecurity incidents impacting the digital asset space.…
Dec 25, 2025Ravie LakshmananData Breach / Financial Crime Recent findings from TRM Labs reveal that encrypted vault backups compromised in the 2022 LastPass data breach have been exploited by cybercriminals to access crypto assets, particularly due to the use of weak master passwords. This criminal activity has reportedly persisted into…
Emergence of the Dark_Nexus IoT Botnet: A New Threat to Cybersecurity Cybersecurity experts have unveiled a sophisticated new IoT botnet known as “dark_nexus,” which is leveraging compromised smart devices to launch distributed denial-of-service (DDoS) attacks. This emerging threat can be triggered on demand through platforms offering DDoS-for-hire services, placing numerous…
