Zero-Day Vulnerability Discovered in Apache OfBiz ERP System A serious zero-day vulnerability has been identified in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. This flaw poses significant risks as it could potentially allow attackers to bypass essential authentication safeguards. The vulnerability is classified as CVE-2023-51467, linked specifically to…
Recent research has uncovered four new variants of HTTP request smuggling attacks that pose threats to a range of widely used web and HTTP proxy servers. Amit Klein, Vice President of Security Research at SafeBreach, shared these findings at the Black Hat security conference, emphasizing that vulnerabilities in web servers…
AI Face-Swapping App Linked to Cybercrime in Southeast Asia The artificial intelligence application Haotian, designed for face-swapping capabilities, has emerged as a major player in the realm of online fraud. This Chinese-language app has reportedly generated millions of dollars by providing its technology through platforms like Telegram, facilitating integration with…
Data Breach at Typeform Exposes User Information Typeform, a prominent data collection firm based in Spain, has reported a data breach that has potentially compromised the information of some users. This incident was identified on June 27, prompting the company to conduct a comprehensive forensic investigation to ascertain the breach’s…
Fraud Management & Cybercrime, Governance & Risk Management, Multi-factor & Risk-based Authentication Practical Steps to Enhance Security and Resilience Sean D. Mack • December 17, 2025 Image: Shutterstock Leaders of small and mid-sized enterprises (SMEs) frequently assert, “We’re too small to be a target.” This misconception endangers their organizations, especially…
Class Action Settlements in Healthcare Data Breaches In a recent development, three healthcare providers have reached settlements in a class action lawsuit concerning data breaches that compromised sensitive patient information. This agreement reflects a growing concern over patient data security and the responsibilities of healthcare entities in safeguarding personal health…
Recent research from Ruhr University Bochum has revealed a critical security vulnerability in the Secure Shell (SSH) protocol, which is widely used for secure communications over untrusted networks. The vulnerability, designated as Terrapin (CVE-2023-48795), exhibits a CVSS score of 5.9, signaling its potential significance in the cybersecurity landscape. This vulnerability…
Emotet Malware: A Case Study in Cybersecurity Countermeasures In a notable development in cybersecurity, research into the Emotet malware—a widely recognized email-based threat responsible for numerous botnet-driven spam and ransomware assaults—has revealed a significant vulnerability. Cybersecurity experts were able to exploit this flaw to implement a temporary kill-switch, effectively halting…
In a troubling revelation, Facebook has acknowledged that it provided various technology companies and app developers with continued access to user data, despite its public assertions in 2015 that such access had been curtailed. This admission offers a rare glimpse into how the social media giant manages personal information within…
