On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a recently patched critical vulnerability affecting Array Networks AG and vxAG secure access gateways in its Known Exploited Vulnerabilities (KEV) catalog. This addition follows credible reports indicating active exploitation of the flaw in real-world scenarios. The vulnerability, designated as…
Ukraine’s leading law enforcement and counterintelligence agency has revealed the identities of five individuals allegedly involved in a series of digital intrusions tied to a cyber-espionage group known as Gamaredon, with connections to Russia’s Federal Security Service (FSB). This disclosure highlights the agency’s ongoing efforts to combat cyber threats directed…
A sophisticated cyber operation, dubbed “PhantomCaptcha,” has targeted prominent humanitarian organizations and government entities engaged in war relief efforts in Ukraine, as detailed in recent research by SentinelLABS. The campaign has notably affected major organizations such as the International Red Cross, UNICEF, and the Norwegian Refugee Council, along with various…
In a significant development within the cybersecurity landscape, Conor Brian Fitzpatrick, a 20-year-old who operated the now-defunct BreachForums, has been formally charged with conspiracy to commit access device fraud in the United States. This notable case highlights the growing scrutiny on online platforms facilitating cybercrime. Fitzpatrick, known online as “pompompurin,”…
• October 23, 2025 As the landscape of digital transactions transitions from human-catalyzed interactions to autonomous decision-making aided by artificial intelligence, significant shifts in the payment lifecycle are essential. Companies must now focus on establishing frameworks for trust, intent, and identity in automated environments. In a recent discussion featuring industry…
A recent cyber threat known as GlassWorm has been detected, specifically targeting developers utilizing Visual Studio Code extensions via the OpenVSX marketplace. Koi Security unveiled this campaign, which leverages trusted extensions to automatically propagate across various development environments while employing stolen credentials to facilitate further infections. Distinct from typical malware…
Recent analysis has revealed that the China-linked hacking group, known as Earth Estries, is employing a previously unidentified backdoor named GHOSTSPIDER in its cyber operations directed at telecommunications firms in Southeast Asia. This development highlights an evolving threat landscape, where traditional boundaries of cybersecurity are increasingly tested. Trend Micro, which…
Recent investigations have unveiled that a state-sponsored threat actor believed to have ties to Iran has conducted a series of targeted cyberattacks against internet service providers (ISPs) and telecommunications operators in countries such as Israel, Morocco, Tunisia, and Saudi Arabia. Additionally, a ministry of foreign affairs in Africa was also…
Critical Vulnerabilities Identified in BIND Could Enable Cache Poisoning Attacks A recent disclosure from BIND developers has outlined significant vulnerabilities linked to the software’s Pseudo Random Number Generator (PRNG). These flaws may allow attackers to predict the source port and query ID employed by BIND, potentially allowing for successful spoofing…
