On December 23, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability affecting Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows verifiable evidence that the flaw has been actively exploited. The vulnerability, identified as CVE-2021-44207, has a CVSS…
A recent coordinated operation by law enforcement officials has led to the apprehension of 11 alleged members of a Nigerian cybercrime syndicate involved in numerous business email compromise (BEC) attacks. This group’s activities have reportedly targeted over 50,000 victims globally in recent years. The crackdown, termed Operation Falcon II, stemmed…
New Android Vulnerability Exposes User Data to Attackers Recent research has unveiled a serious vulnerability affecting Android devices, enabling the covert theft of sensitive information, including two-factor authentication codes and user location histories, all within a mere 30 seconds. This attack, termed “Pixnapping,” was developed by a team of academic…
Identity services provider Okta has reported discovering “additional threat actor activity” related to a breach affecting its support case management system that occurred in October 2023. The breach reportedly involved unauthorized access to the names and email addresses of all users within Okta’s customer support system, a significant concern for…
Critical Infrastructure Security Dutch Ministry Implements National Security Law to Assume Control of Domestic Semiconductor Firm Anviksha More (AnvikshaMore), David Perera (@daveperera) • October 13, 2025 Image: Shutterstock The Dutch government has invoked a national security law to sever control of the semiconductor manufacturer Nexperia from its Chinese parent company,…
New Discovery Unveils Credential-Driven Campaign Targeting SonicWall Devices Recent findings by cybersecurity firm Huntress reveal a new and concerning trend in cyberattacks, indicating a credential-based campaign aimed at SonicWall SSLVPN devices. The investigation, which began around October 4, detected significant login activity from IP addresses linked to attackers, including one…
The Apache Software Foundation (ASF) has recently issued critical security updates to address a significant vulnerability in Apache Traffic Control. This flaw presents an opportunity for attackers to execute unauthorized Structured Query Language (SQL) commands against the database, should the exploit be successful. The vulnerability, identified as CVE-2024-45387, has been…
An ongoing espionage initiative attributed to the threat group known as Molerats has been leveraging widely used cloud services, including Google Drive and Dropbox, as a method for distributing malware and facilitating command-and-control operations. This cyber offensive is reportedly focused on targets across the Middle East and has been active…
Recent findings indicate that individuals around the globe could replicate a sensitive data collection operation, utilizing readily available satellite hardware. Researchers conducted an experiment employing standard satellite technology: a $185 satellite dish, a $140 roof mount, a $195 motor, and a $230 tuner card, all totaling under $800. This highlights…
