The Breach News

Accusations of Aeroflot Data Exposure Follow Breach Denial – SC Media

Alleged Aeroflot Data Breach Raises Concerns Over Cybersecurity Vulnerabilities

Recent reports have surfaced regarding a significant data breach affecting Aeroflot, Russia’s flagship airline. This incident has raised alarms, particularly among cybersecurity professionals and business leaders, as it highlights ongoing vulnerabilities in data protection measures within the aviation industry. The breach…

CISA Alerts: Active Exploitation of SysAid Vulnerabilities Allows Remote File Access and SSRF

Jul 23, 2025
Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws affecting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The vulnerabilities are as follows:

  • CVE-2025-2775 (CVSS score: 9.3): This vulnerability involves improper restrictions on XML external entity (XXE) references in the Checkin processing functionality, enabling potential administrator account takeover and file read access.

  • CVE-2025-2776 (CVSS score: 9.3): Similar to the first, this flaw also concerns improper restrictions on XXE references, but it affects the Server URL processing functionality, leading to possible administrator account takeover and file read access.

Both vulnerabilities were disclosed by watchTowr Labs researchers Sina Kheirkhah and Jake Knott in May, along with CVE-2025-2777 (CVSS score: 9.3), which pertains to a pre-authenticated XXE vulnerability within the /lshw endpoint. SysAid has since addressed these issues in their on-premises software.

CISA Alerts: Vulnerabilities in SysAid Software Under Active Attack

On July 23, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) unveiled critical vulnerabilities affecting SysAid, a popular IT support software, highlighting their presence in the agency’s Known Exploited Vulnerabilities (KEV) catalog due to signs of active exploitation. The two…

Money, Mandates, and Monitoring: Unpacking the Fight for Identity Integrity in Finance – Webinar

Pravin Chavda: Leading the Charge in Cybersecurity Solutions

Practice Director, Simeio

Pravin Chavda serves as the Practice Director at Simeio, where he spearheads initiatives in Access Management and Customer Identity & Access Management (CIAM). With over two decades of comprehensive IT experience on a global scale, Chavda has occupied pivotal…

Surge in Cloud Breaches and Identity Theft Highlighted in CrowdStrike’s Latest Threat Report

A recent report from CrowdStrike Holdings Inc. has highlighted a significant increase in the sophistication of cyber adversaries, shedding light on evolving methodologies in the landscape of cybersecurity threats. The report, titled the CrowdStrike 2025 Threat Hunting Annual Report, reveals that cloud-centered attacks, identity-driven breaches, and the advent of generative…

CISA Issues Immediate Patch Directive After Chinese Hackers Exploit SharePoint Vulnerabilities in Ongoing Attacks

CISA Urges Immediate Patching of Microsoft SharePoint Vulnerabilities Amid Ongoing Attacks by Chinese Hackers

On July 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally identified two critical Microsoft SharePoint vulnerabilities—CVE-2025-49704 and CVE-2025-49706—as part of its Known Exploited Vulnerabilities (KEV) catalog. This designation follows evidence indicating that these…

RedDelta Unleashes PlugX Malware in Espionage Missions Against Mongolia and Taiwan

Jan 10, 2025
Cyber Espionage / Cyber Attack

RedDelta, a state-sponsored threat actor linked to China, has been targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with a tailored version of PlugX malware from July 2023 to December 2024. According to an analysis by Recorded Future’s Insikt Group, the group utilized lure documents related to the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection initiatives in Mongolia, and ASEAN meeting invitations. Notably, compromises of the Mongolian Ministry of Defense in August 2024 and the Communist Party of Vietnam in November 2024 are believed to have occurred. Additionally, various entities in Malaysia, Japan, the United States, Ethiopia, Brazil, Australia, and India were targeted from September to December 2024. Active since at least 2012, RedDelta represents a persistent threat in the cyberspace landscape.

RedDelta Deploys PlugX Malware in Espionage Campaigns Targeting Mongolia and Taiwan

Cyber Espionage / Cyber Attack

January 10, 2025

In a significant escalation of cyber espionage activities, the state-sponsored threat actor known as RedDelta has exploited various geopolitical themes to deploy a customized version of the PlugX backdoor. This sophisticated…

Navigating a Fluctuating Job Market

Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Guidance for Young Cyber Professionals Amidst AI and Security Automation

Brandy Harris • July 30, 2025

You may have clicked on a promising opportunity, only to be met with a blank page. This is a familiar…
