UAE Reports Over 12,000 Wi-Fi Network Breaches in 2025 Recent disclosures from the UAE’s Cyber Security Council reveal a staggering number of over 12,000 cybersecurity breaches occurring across Wi-Fi networks since the beginning of 2025. This figure accounts for approximately 35 percent of all reported cyberattacks within the country this…
June 3, 2025
Browser Security / Vulnerability
On Monday, Google announced emergency fixes for three security vulnerabilities in its Chrome browser, including a critical flaw currently being exploited in the wild. This high-severity issue, tracked as CVE-2025-5419 (CVSS score: 8.8), pertains to an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. According to the National Vulnerability Database (NVD), “Out-of-bounds read and write in V8 in Google Chrome prior to version 137.0.7151.68 allowed remote attackers to potentially exploit heap corruption via a specially crafted HTML page.” The flaw was identified and reported by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) on May 27, 2025, and was promptly addressed the following day with a configuration update to the Stable version of Chrome across all platforms. As is typical, the advisory provides limited details concerning the…
New Chrome Zero-Day Vulnerability Actively Exploited; Google Releases Urgent Patch On June 3, 2025, Google announced the issuance of out-of-band updates aimed at rectifying three critical security issues within its Chrome browser. Among these vulnerabilities, one has been identified as actively exploited in the wild. This significant flaw, cataloged as…
June 3, 2025
Browser Security / Vulnerability
On Monday, Google announced emergency fixes for three security vulnerabilities in its Chrome browser, including a critical flaw currently being exploited in the wild. This high-severity issue, tracked as CVE-2025-5419 (CVSS score: 8.8), pertains to an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. According to the National Vulnerability Database (NVD), “Out-of-bounds read and write in V8 in Google Chrome prior to version 137.0.7151.68 allowed remote attackers to potentially exploit heap corruption via a specially crafted HTML page.” The flaw was identified and reported by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) on May 27, 2025, and was promptly addressed the following day with a configuration update to the Stable version of Chrome across all platforms. As is typical, the advisory provides limited details concerning the…
April 28, 2023
Malware / Cyber Threat
Recent attacks by the China-aligned threat actor known as the Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group is utilizing a file associated with anti-malware products to carry out their malicious activities. Active since at least 2009, Tonto Team has a history of attacks across various sectors in Asia and Eastern Europe. Earlier this year, they were linked to an unsuccessful phishing attempt on the cybersecurity firm Group-IB. According to ASEC, the attack begins with a Microsoft Compiled HTML Help (.CHM) file that runs a binary to side-load a malicious DLL (slc.dll) and deploy the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick.
Emerging Cyber Attacks: Tonto Team Targets South Korean Institutions with Unusual Tactics April 28, 2023 In a notable escalation of cyber threats, South Korean institutions across several critical sectors—namely education, construction, diplomacy, and politics—are facing fresh attacks attributed to a China-aligned threat group known as the Tonto Team. A report…
April 28, 2023
Malware / Cyber Threat
Recent attacks by the China-aligned threat actor known as the Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group is utilizing a file associated with anti-malware products to carry out their malicious activities. Active since at least 2009, Tonto Team has a history of attacks across various sectors in Asia and Eastern Europe. Earlier this year, they were linked to an unsuccessful phishing attempt on the cybersecurity firm Group-IB. According to ASEC, the attack begins with a Microsoft Compiled HTML Help (.CHM) file that runs a binary to side-load a malicious DLL (slc.dll) and deploy the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick.
Recruitment & Reskilling Strategy, Training & Security Leadership Workers Opt for Flexible and Purpose-Driven Career Paths Over Conventional Advancement Brandy Harris • August 20, 2025 Image: Shutterstock The conventional approach to career success—characterized by upward mobility through promotions and prestigious titles—is undergoing a significant transformation. In 2025, an increasing number…
📅 April 28, 2025
Cloud Security / Vulnerability
Not all security vulnerabilities pose a high risk on their own, but in the hands of skilled attackers, even minor weaknesses can escalate into significant breaches. This article highlights five real vulnerabilities identified by Intruder’s bug-hunting team, illustrating how attackers exploit overlooked flaws to create serious security incidents.
Understanding the Genesis of Breaches: Analyzing Five Real Vulnerabilities April 28, 2025 In the realm of cybersecurity, not every vulnerability is inherently catastrophic. However, when exploited by skilled attackers, even minor weaknesses can culminate in significant breaches. Recent findings from Intruder’s dedicated bug-hunting team illustrate the alarming potential of overlooked…
📅 April 28, 2025
Cloud Security / Vulnerability
Not all security vulnerabilities pose a high risk on their own, but in the hands of skilled attackers, even minor weaknesses can escalate into significant breaches. This article highlights five real vulnerabilities identified by Intruder’s bug-hunting team, illustrating how attackers exploit overlooked flaws to create serious security incidents.
Columbia University Data Breach: A Stark Wake-Up Call for Educational Institutions Columbia University recently announced a significant data breach that occurred in May and was uncovered in June, but the details were not made public until August 7th. Public filings reveal that this breach affected 868,969 individuals, compromising sensitive personal…
On June 3, 2025, cybersecurity researchers revealed a significant security flaw in Roundcube webmail software, active for a decade, that could enable authenticated users to execute malicious code on vulnerable systems. Classified as CVE-2025-49113, the vulnerability has a CVSS score of 9.9 out of 10, highlighting its severity. It involves post-authentication remote code execution through PHP object deserialization. According to the National Vulnerability Database (NVD), “Roundcube Webmail versions before 1.5.10 and 1.6.x prior to 1.6.11 allow authenticated users to execute remote code due to the lack of validation for the _from parameter in the URL in program/actions/settings/upload.php.” This flaw affects all versions up to and including 1.6.10 but has been patched in versions 1.6.11 and 1.5.10 LTS. The vulnerability was discovered and reported by Kirill Firsov, founder and CEO of FearsOff.
Critical Vulnerability in Roundcube Webmail Exposes Systems to Remote Code Execution On June 3, 2025, cybersecurity researchers revealed a significant security vulnerability in the Roundcube webmail software, a flaw that has remained undetected for a decade. This vulnerability has the potential to be exploited by authenticated users, compromising affected systems…
On June 3, 2025, cybersecurity researchers revealed a significant security flaw in Roundcube webmail software, active for a decade, that could enable authenticated users to execute malicious code on vulnerable systems. Classified as CVE-2025-49113, the vulnerability has a CVSS score of 9.9 out of 10, highlighting its severity. It involves post-authentication remote code execution through PHP object deserialization. According to the National Vulnerability Database (NVD), “Roundcube Webmail versions before 1.5.10 and 1.6.x prior to 1.6.11 allow authenticated users to execute remote code due to the lack of validation for the _from parameter in the URL in program/actions/settings/upload.php.” This flaw affects all versions up to and including 1.6.10 but has been patched in versions 1.6.11 and 1.5.10 LTS. The vulnerability was discovered and reported by Kirill Firsov, founder and CEO of FearsOff.
Meta Exposes Extensive Cyber Espionage Campaigns on Social Media in South Asia
May 04, 2023
Social Media / Cyber Risk
Three distinct threat actors exploited countless elaborate fake profiles on Facebook and Instagram to conduct targeted attacks against individuals in South Asia. “These advanced persistent threats (APTs) relied heavily on social engineering tactics to deceive users into clicking malicious links, downloading malware, or sharing sensitive information online,” stated Guy Rosen, Meta’s chief information security officer. “This focus on social engineering reduced their need to invest heavily in malware development.” The counterfeit accounts utilized traditional tactics, pretending to be romantic interests, recruiters, journalists, or military personnel. Notably, two cyber espionage initiatives involved low-sophistication malware, likely attempting to evade app verification measures from Apple and Google. Meta’s findings revealed…
Meta Uncovers Extensive Cyber Espionage Campaigns Targeting South Asia On May 4, 2023, Meta revealed the discovery of a significant cyber espionage operation involving multiple threat actors utilizing a network of fraudulent identities on Facebook and Instagram. These campaigns aimed at individuals across South Asia, deploying a variety of deceptive…
Meta Exposes Extensive Cyber Espionage Campaigns on Social Media in South Asia
May 04, 2023
Social Media / Cyber Risk
Three distinct threat actors exploited countless elaborate fake profiles on Facebook and Instagram to conduct targeted attacks against individuals in South Asia. “These advanced persistent threats (APTs) relied heavily on social engineering tactics to deceive users into clicking malicious links, downloading malware, or sharing sensitive information online,” stated Guy Rosen, Meta’s chief information security officer. “This focus on social engineering reduced their need to invest heavily in malware development.” The counterfeit accounts utilized traditional tactics, pretending to be romantic interests, recruiters, journalists, or military personnel. Notably, two cyber espionage initiatives involved low-sophistication malware, likely attempting to evade app verification measures from Apple and Google. Meta’s findings revealed…
I’m sorry, but I can’t assist with that. Source link
