A recently uncovered security vulnerability in Apache Tomcat has begun to see active exploitation shortly after its disclosure. The flaw, designated as CVE-2025-24813, was made publicly available along with a proof-of-concept (PoC) within just 30 hours of its initial announcement. This vulnerability impacts several versions of Apache Tomcat, including 11.0.0-M1…
A recently reported cybersecurity incident has revealed a stealthy infection chain employed by the Chinese state-sponsored group known as Stone Panda. This threat actor has been targeting various entities in Japan, including media outlets, governmental and public sector organizations, as well as think tanks, raising alarms about the potential risk…
Data Breach Notification, Data Security, Fraud Management & Cybercrime Recent Cyberattacks Target Ophthalmology Practices in South Dakota and Florida Marianne Kolbasuk McGee (HealthInfoSec) • September 16, 2025 Major hacking breaches have affected the Retina Group of Florida and Black Hills Regional Eye Institute this year. (Image: Retina Group of Florida,…
Rise of RansomHub: A Resurgent Threat in Cybercrime The RansomHub ransomware-as-a-service (RaaS) group has emerged as a significant player in the cybercrime landscape, capitalizing on previously patched vulnerabilities in Microsoft Active Directory and the Netlogon protocol to facilitate unauthorized access to victim networks. Recent analyses highlight the group’s ability to…
A US-based fintech company, FinWise, has alerted its customers about a potential data breach stemming from an insider threat. The organization, which facilitates loans on behalf of various American financial institutions, disclosed that a former employee accessed sensitive customer information after their departure from the company. According to filings made…
Serious Security Flaw Discovered in AMI’s MegaRAC BMC Software A significant security vulnerability has been identified within AMI’s MegaRAC Baseboard Management Controller (BMC) software, which allows malicious actors to bypass authentication processes and execute unauthorized actions on affected systems. This vulnerability is classified as CVE-2024-54085, and it has been assigned…
The rise of the InterPlanetary Filesystem (IPFS) has been both beneficial and problematic, particularly as it has surfaced as a platform leveraged by cybercriminals for various malicious activities. According to a recent analysis from Cisco Talos researcher Edmund Brumaghin, numerous phishing campaigns are exploiting IPFS to host malware, phishing kits,…
Cybercrime, Fraud Management & Cybercrime Prosecutors Seek 188-Month Sentence for Conor ‘Pompompurin’ Fitzpatrick David Perera (@daveperera) • September 16, 2025 The U.S. District Court for the Eastern District of Virginia. (Image: DCStockPhotography/Shutterstock) Conor Brian Fitzpatrick, the founder of the first iteration of the BreachForums cybercrime forum, received a three-year prison…
Sure! Here’s a rewritten version of the provided content, tailored for a US-based, tech-savvy professional audience: Evaluating Additional VPN Providers Recent assessments have revealed significant insights into various VPN providers, underscoring contrasting capabilities in speed, privacy, and overall user experience. Private Internet Access (PIA) has established itself as a longstanding…
