On Friday, the Apache Software Foundation (ASF) released version 2.17.0 of its widely adopted logging library, Log4j, addressing a new vulnerability that malicious actors can exploit for denial-of-service (DoS) attacks. This vulnerability is identified as CVE-2021-45105, rated with a CVSS score of 7.5, and affects all iterations of the tool…
Passwords are integral to safeguarding organizational data, yet their inherent vulnerabilities often lead to significant security risks. As users juggle a multitude of credentials, many resort to unsafe practices, such as creating weak passwords or reusing the same password across multiple accounts, which undermines security protocols. The prevalence of password…
Data Security, Finance & Banking, Industry Specific Details on Breach Notification Service: Victim Count in Peer-to-Peer Lending Marketplace Mathew J. Schwartz (euroinfosec) • October 17, 2025 Image: Shutterstock/Prosper In a significant breach, hackers reportedly accessed personal information of over 17 million users from Prosper, a peer-to-peer lending platform. The incident…
Envoy Air, a fully owned subsidiary of American Airlines, has confirmed it has been targeted in a cyber attack that compromised vulnerabilities within Oracle’s E-Business Suite (EBS). This incident highlights a pressing concern regarding the cybersecurity posture of enterprise software within the aviation industry. The breach came to light through…
Microsoft Wraps Up 2024 Patch Tuesday with Critical Security Fixes Microsoft concluded its Patch Tuesday updates for December 2024, addressing a total of 72 security vulnerabilities across its software ecosystem, including a specific flaw reported as actively exploited in the wild. Of these vulnerabilities, 17 have been classified as Critical,…
Backdoor Compromise Targets U.S. Federal Government Entity in APT-Style Attack A federal U.S. commission linked to international rights has suffered a significant security breach, as revealed by researchers who characterized the incident as a “classic APT-type operation.” The attack reportedly infiltrated the commission’s internal network through a backdoor, potentially compromising…
markdown In a groundbreaking revelation, researchers from UC San Diego and the University of Maryland have uncovered alarming vulnerabilities in satellite communications this week. Their study highlights that various sensitive data—including T-Mobile calls, text messages, in-flight Wi-Fi browsing sessions, and military communications—are being transmitted without encryption, potentially exposing them to…
Data Breach at D-Link Exposes Legacy Information D-Link, a Taiwanese manufacturer specializing in networking equipment, has acknowledged a data breach that resulted in the exposure of information considered to be “low-sensitivity and semi-public.” The company clarified that the compromised data was not sourced from its cloud systems but rather likely…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Phishing Campaigns Transition from China to Malaysia Targeting Chinese-Speakers Prajeet Nair ( @prajeetspeaks) • October 17, 2025 Image: Shutterstock Recent investigations reveal that a series of coordinated cyberattacks targeting Chinese-speaking individuals across the Asia-Pacific region can be traced back to a single…
