Eight years after a researcher alerted WhatsApp to vulnerabilities allowing mass extraction of user phone numbers, a new investigation from the University of Vienna has confirmed that this issue persists. The researchers employed a technique exploiting WhatsApp’s discovery function, which allows individuals to check if a phone number is registered…
Red Hat Issues Urgent Security Alert Following Backdoor Discovery in XZ Utils On Friday, Red Hat issued an urgent security alert, revealing a critical security vulnerability involving two versions of the widely-used data compression library known as XZ Utils, previously LZMA Utils. This vulnerability allows malicious actors to gain unauthorized…
On Sunday, the European Banking Authority (EBA) reported a cyberattack that compromised its Microsoft Exchange Servers. As a precautionary step, the agency took its email systems offline temporarily. This incident raises significant concerns as it may have allowed unauthorized access to personal data stored in emails. The EBA, located in…
Significant Supply Chain Attack Discovered in XZ Utils, Posing Serious Risks to Linux Users A profound security threat has emerged following the discovery of malicious code inserted into XZ Utils, an open-source library used extensively in numerous major Linux distributions. This vulnerability, identified as CVE-2024-3094 and given a critical CVSS…
Recent investigations have linked a malicious web shell deployed on Windows systems to a possible Chinese cyber threat group, following the exploitation of an undisclosed zero-day vulnerability in SolarWinds’ Orion network monitoring software. The cybersecurity firm Secureworks reported that this breach involved a web shell referred to as Supernova, which…
Governance & Risk Management, Healthcare, Industry Specific Settlement Approved in Class Action Linked to Former Employee’s Data Breach Marianne Kolbasuk McGee (HealthInfoSec) • November 20, 2025 A federal court has granted preliminary approval for a $5 million settlement in a breach lawsuit involving a former Nuance employee and Geisinger Health.…
On Monday, Microsoft announced the rollout of a new one-click mitigation software aimed at shielding susceptible environments from the ongoing ProxyLogon cyberattacks targeting Exchange Servers. This tool, known as the Exchange On-premises Mitigation Tool (EOMT), employs PowerShell to implement necessary countermeasures against known vulnerabilities, specifically CVE-2021-26855. It also conducts scans…
Cybersecurity Insights: User Awareness and System Vulnerabilities Recent discussions spotlight the ongoing challenges related to user prompts in cybersecurity protocols, which are often meant to safeguard individuals from malicious activities. While the intentions behind such alerts are commendable, their effectiveness largely hinges on users comprehending the warnings and exercising caution…
In April 2024, Microsoft announced a critical security update addressing an unprecedented 149 vulnerabilities, with two of these flaws identified as actively exploited threats. This latest update categorizes three of the vulnerabilities as Critical, 142 as Important, three as Moderate, and one as Low in severity. Additionally, the update follows…
