Significant Supply Chain Attack Discovered in XZ Utils, Posing Serious Risks to Linux Users A profound security threat has emerged following the discovery of malicious code inserted into XZ Utils, an open-source library used extensively in numerous major Linux distributions. This vulnerability, identified as CVE-2024-3094 and given a critical CVSS…
Recent investigations have linked a malicious web shell deployed on Windows systems to a possible Chinese cyber threat group, following the exploitation of an undisclosed zero-day vulnerability in SolarWinds’ Orion network monitoring software. The cybersecurity firm Secureworks reported that this breach involved a web shell referred to as Supernova, which…
Governance & Risk Management, Healthcare, Industry Specific Settlement Approved in Class Action Linked to Former Employee’s Data Breach Marianne Kolbasuk McGee (HealthInfoSec) • November 20, 2025 A federal court has granted preliminary approval for a $5 million settlement in a breach lawsuit involving a former Nuance employee and Geisinger Health.…
On Monday, Microsoft announced the rollout of a new one-click mitigation software aimed at shielding susceptible environments from the ongoing ProxyLogon cyberattacks targeting Exchange Servers. This tool, known as the Exchange On-premises Mitigation Tool (EOMT), employs PowerShell to implement necessary countermeasures against known vulnerabilities, specifically CVE-2021-26855. It also conducts scans…
Cybersecurity Insights: User Awareness and System Vulnerabilities Recent discussions spotlight the ongoing challenges related to user prompts in cybersecurity protocols, which are often meant to safeguard individuals from malicious activities. While the intentions behind such alerts are commendable, their effectiveness largely hinges on users comprehending the warnings and exercising caution…
In April 2024, Microsoft announced a critical security update addressing an unprecedented 149 vulnerabilities, with two of these flaws identified as actively exploited threats. This latest update categorizes three of the vulnerabilities as Critical, 142 as Important, three as Moderate, and one as Low in severity. Additionally, the update follows…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Iranian Hacking Group Unleashes Array of Custom Malware Variants Akshaya Asokan (asokan_akshaya) • November 18, 2025 Image: Evgeniyqw/Shutterstock Google has issued a warning regarding a state-sponsored Iranian hacking group known for targeting the aerospace and defense sectors in the Middle East. This…
Following Microsoft’s recent release of a mitigation tool aimed at addressing cyberattacks targeting on-premises Exchange servers, the company reported that 92% of the internet-facing servers affected by the ProxyLogon vulnerabilities have been patched. This marks a substantial improvement of 43% from the previous week, closing a tumultuous period rife with…
Recent research reveals that the conversion process from DOS to NT paths in Windows represents a potential exploitation vector for threat actors, enabling rootkit-like functionality that could hide and impersonate files, directories, and processes. According to Or Yair, a security researcher from SafeBreach, when users invoke functions that involve a…
