Tag cybersecurity

German and South Korean Agencies Caution Against Kimsuky’s Growing Cyber Attack Techniques

Cyber Threat Alert: Kimsuky Group Targets Gmail Inboxes Using Rogue Browser Extensions Recent advisories from government agencies in Germany and South Korea have highlighted a concerning wave of cyberattacks attributed to a North Korean threat actor known as Kimsuky. This group has been leveraging malicious browser extensions to infiltrate users’…

Read MoreGerman and South Korean Agencies Caution Against Kimsuky’s Growing Cyber Attack Techniques

UK and US Hold Three Chinese Tech Companies Accountable for Global Cyberattacks

A coalition of international cybersecurity organizations, spearheaded by the UK’s National Cyber Security Centre (NCSC), has publicly implicated three technology firms based in China in a sustained global cyberattack campaign. In a recent advisory, the NCSC and partners from twelve nations—including the United States, Australia, Canada, New Zealand, Czech Republic,…

Read MoreUK and US Hold Three Chinese Tech Companies Accountable for Global Cyberattacks

Closing the Gap Between IT and OT Security in Manufacturing

Governance & Risk Management, Operational Technology (OT), Video CISO Tammy Klotz Highlights Peer Support Ahead of ManuSec 2025 Cecilia Limonta • August 15, 2025 Tammy Klotz, CISO, Trinseo In the realm of manufacturing, organizations encounter a myriad of challenges in securing their Operational Technology (OT) and Information Technology (IT) systems.…

Read MoreClosing the Gap Between IT and OT Security in Manufacturing

Critical Flaws in Versa Concerto Allow Attackers to Escape Docker and Compromise Hosts

May 22, 2025
Vulnerability / Software Security

Cybersecurity researchers have identified several severe vulnerabilities within the Versa Concerto network security and SD-WAN orchestration platform. Exploitation of these flaws could potentially grant attackers control over vulnerable instances. Despite responsible disclosure on February 13, 2025, these issues remain unpatched, leading to a public announcement after the 90-day window expired. According to ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra, “When combined, these vulnerabilities could enable an attacker to fully compromise both the application and the host system.” The vulnerabilities include:

  • CVE-2025-34025 (CVSS score: 8.6): A privilege escalation and Docker container escape vulnerability resulting from unsafe default mounting of host binary paths, potentially allowing code execution on the host system.

Critical Security Vulnerabilities in Versa Concerto Expose Hosts to Exploitation May 22, 2025 Vulnerability / Software Security Recent investigations by cybersecurity experts have illuminated serious security weaknesses within the Versa Concerto network security and SD-WAN orchestration platform. These critical vulnerabilities could potentially allow malicious actors to gain control over affected…

Read More

Critical Flaws in Versa Concerto Allow Attackers to Escape Docker and Compromise Hosts

May 22, 2025
Vulnerability / Software Security

Cybersecurity researchers have identified several severe vulnerabilities within the Versa Concerto network security and SD-WAN orchestration platform. Exploitation of these flaws could potentially grant attackers control over vulnerable instances. Despite responsible disclosure on February 13, 2025, these issues remain unpatched, leading to a public announcement after the 90-day window expired. According to ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra, “When combined, these vulnerabilities could enable an attacker to fully compromise both the application and the host system.” The vulnerabilities include:

  • CVE-2025-34025 (CVSS score: 8.6): A privilege escalation and Docker container escape vulnerability resulting from unsafe default mounting of host binary paths, potentially allowing code execution on the host system.

DOGE Creates Live Replica of Social Security Data

Government, Industry Specific Department of Government Efficiency Staffers Established Unauthorized ‘Live Replica’ of SSA Data Chris Riotta • August 26, 2025 Image: Matt Gush/Shutterstock A report published Tuesday by a whistleblower reveals that staffers from the Trump administration’s Department of Government Efficiency (DOGE) created an unauthorized live replica of Social…

Read MoreDOGE Creates Live Replica of Social Security Data

⚡ Weekly Update: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

📅 April 21, 2025
Cybersecurity / Hacking News

Can a seemingly harmless click trigger a major cyberattack? Surprisingly, yes. Last week’s events highlighted how hackers are adept at blending in with routine actions—whether it’s opening a file, initiating a project, or logging in normally. There are no loud alerts or glaring red flags; instead, attackers slip through unnoticed, exploiting minor weaknesses like misconfigured systems, trusted browser features, or recycled login credentials. These are not merely technical glitches—they reflect habits that are being exploited. Join us as we review the most significant developments from the week and their implications for your security.

⚡ Threat of the Week

Active Exploitation of Newly Patched Windows Vulnerability — A recently addressed security flaw affecting Windows NTLM has come under active attack, allowing malicious actors to leak NTLM hashes or user passwords since March 19, 2025. This vulnerability, identified as CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing issue that Microsoft corrected last month during its Patch Tuesday updates.

Weekly Cybersecurity Recap: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, and More April 21, 2025 Cybersecurity Updates Recent events in the cybersecurity landscape have underscored the fragility of digital safety, revealing that seemingly innocuous actions, such as clicking a link or opening a file, can precipitate serious cyberattacks. These incidents highlight…

Read More

⚡ Weekly Update: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

📅 April 21, 2025
Cybersecurity / Hacking News

Can a seemingly harmless click trigger a major cyberattack? Surprisingly, yes. Last week’s events highlighted how hackers are adept at blending in with routine actions—whether it’s opening a file, initiating a project, or logging in normally. There are no loud alerts or glaring red flags; instead, attackers slip through unnoticed, exploiting minor weaknesses like misconfigured systems, trusted browser features, or recycled login credentials. These are not merely technical glitches—they reflect habits that are being exploited. Join us as we review the most significant developments from the week and their implications for your security.

⚡ Threat of the Week

Active Exploitation of Newly Patched Windows Vulnerability — A recently addressed security flaw affecting Windows NTLM has come under active attack, allowing malicious actors to leak NTLM hashes or user passwords since March 19, 2025. This vulnerability, identified as CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing issue that Microsoft corrected last month during its Patch Tuesday updates.

Wyden Demands Investigation into Federal Judiciary Data Breaches, Citing ‘Negligence’

The Supreme Court is facing pressure for an independent investigation into the repercussions of recent cyberattacks and data breaches affecting the federal judiciary’s networks. On Monday, Senator Ron Wyden publicly urged Chief Justice John Roberts to authorize such a review, emphasizing a pressing need to understand the scope and implications…

Read MoreWyden Demands Investigation into Federal Judiciary Data Breaches, Citing ‘Negligence’

UAE Cyber Security Council Reports Over 12,000 Wi-Fi Breaches in the Country This Year

Increased Cyber Threats in the UAE: Over 12,000 Attacks Recorded in 2023 Abu Dhabi, SANA—The UAE Cyber Security Council has disclosed a startling statistic: more than 12,000 cyberattacks have been documented this year, a significant portion stemming from open and untrusted Wi-Fi networks. This alarming figure represents approximately 35% of…

Read MoreUAE Cyber Security Council Reports Over 12,000 Wi-Fi Breaches in the Country This Year