Recent investigative findings from cybersecurity firm Binarly have uncovered a critical security vulnerability in the Lighttpd web server, commonly employed in baseboard management controllers (BMCs) produced by major vendors such as Intel and Lenovo. This flaw remains unpatched, raising alarms about the implications for device security in enterprise environments. The…
A renewed campaign backed by the North Korean government is targeting cybersecurity researchers through sophisticated social engineering tactics involving malware. This resurgence was detailed in a recent report from Google’s Threat Analysis Group (TAG). According to TAG, the attackers established a fictitious security firm named SecuriElite and created multiple social…
Massive Data Exposure on WhatsApp Highlights Privacy Vulnerabilities In a significant development for data privacy, researchers from Austria have demonstrated that a systematic check of WhatsApp’s contact discovery feature has led to the exposure of an estimated 3.5 billion phone numbers associated with users of the messaging platform. This capability…
Indian Government Addresses Security Flaw in Digilocker Service The Indian Government has confirmed the resolution of a significant vulnerability within its secure document wallet service, Digilocker. This flaw potentially allowed unauthorized remote access, enabling attackers to bypass mobile one-time passwords (OTPs) and gain unauthorized sign-in access to other users’ accounts.…
Governance & Risk Management, Operational Technology (OT) Trellix Warns of Rising Threats to PLCs from Cyber Attackers Greg Sirico • November 18, 2025 Image: Shutterstock Cybersecurity firm Trellix has issued a stark warning regarding the increasing vulnerability of programmable logic controllers (PLCs) within operational technology environments. Their report highlights a…
Discovery Practice Management Settles Lawsuit Over 2020 Data Breach In a significant development for the cybersecurity landscape, Discovery Practice Management has reached a settlement regarding a data breach that occurred in 2020. This incident has raised concerns among business owners about the vulnerabilities inherent in the handling of sensitive patient…
The developers of the PuTTY Secure Shell (SSH) and Telnet client have issued a warning about a critical vulnerability affecting versions 0.68 through 0.80. This flaw poses a significant risk, allowing attackers to potentially recover NIST P-521 (ecdsa-sha2-nistp521) private keys, compromising the security of authenticated sessions. Identified as CVE-2024-31497, the…
A 22-year-old resident of Ellsworth County, Kansas, faces serious allegations after being indicted for unauthorized access to a public water facility’s computer system. This breach potentially endangered the safety and well-being of the community’s residents. The individual, identified as Wyatt A. Travnichek, has been charged with tampering with the public…
On October 24, 2025, Microsoft Azure experienced an unprecedented Distributed-Denial-of-Service (DDoS) attack, marking the highest recorded assault on cloud infrastructure to date. This significant cyber event peaked at 15.72 Terabits per second (Tbps) and 3.64 billion packets per second (pps), specifically targeting a single endpoint located in Australia. In a…
