Cyber Threat Alert: Kimsuky Group Targets Gmail Inboxes Using Rogue Browser Extensions Recent advisories from government agencies in Germany and South Korea have highlighted a concerning wave of cyberattacks attributed to a North Korean threat actor known as Kimsuky. This group has been leveraging malicious browser extensions to infiltrate users’…
Artificial Intelligence & Machine Learning, Government, Industry Specific Also: Netskope’s High-Stakes IPO, How AI Sovereignty Threatens Our Shared Reality Anna Delaney (annamadeline) • August 29, 2025 Clockwise, from top left: Anna Delaney, Tony Morbin, Chris Riotta, and Michael Novinson This week’s update features a discussion among four editors from ISMG…
On April 8, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a significant security vulnerability in Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation occurring in the digital landscape. This critical flaw is identified as CVE-2025-30406 and carries a CVSS score of 9.0, underscoring…
Google Issues Urgent Cybersecurity Alert for Gmail Users Amid Rising Threat Landscape In a notable development within the cybersecurity realm, Google has issued an urgent warning for all Gmail users, highlighting a significant surge in cyber threats targeting the widely utilized email platform. This alert underscores the vulnerability of users…
A recent report has identified a China-linked threat actor, referred to as Chaya_004, actively exploiting a critical vulnerability in SAP NetWeaver. This attack leverages the flaw CVE-2025-31324, which has been assigned a maximum CVSS score of 10.0. The malicious activity linked to this actor has been ongoing since April 29,…
Cyber Attacks Target Middle East Telecommunications Amid Ongoing Espionage Campaign Telecommunication companies in the Middle East have recently become the focus of a series of cyber attacks that began in the first quarter of 2023. These attacks have been tied to a Chinese cyber espionage group linked to a protracted…
3rd Party Risk Management, Cybercrime, Fraud Management & Cybercrime Absolute Dental Reports Data Breach Linked to Third-Party Services Marianne Kolbasuk McGee (HealthInfoSec) • August 29, 2025 Image: Absolute Dental Absolute Dental, a dental practice operating over 50 locations in Nevada, has informed more than 1.2 million individuals about a data…
This week, as students resumed classes across the nation, WIRED reported on a self-identified leader of a violent online group known as “Purgatory,” which has been linked to a series of swatting incidents at universities in the US. The individual claims connections to a broader cybercriminal network called The Com,…
Microsoft has disclosed that a recently patched security vulnerability within the Windows Common Log File System (CLFS) was actively exploited as a zero-day in targeted ransomware attacks against several entities. This flaw, identified as CVE-2025-29824, was employed to escalate privileges, thus granting attackers SYSTEM-level access. The affected organizations span multiple…
