Critical Vulnerability Discovered in BillQuick Billing Software Exploited by Ransomware Actors Cybersecurity experts revealed a serious vulnerability in the BillQuick time and billing software, which has been actively targeted by threat actors to deploy ransomware. This flaw, designated as CVE-2021-42258, involves an SQL injection attack enabling remote code execution, putting…
Ukraine’s leading law enforcement and counterintelligence agency has revealed the identities of five individuals allegedly involved in a series of digital intrusions tied to a cyber-espionage group known as Gamaredon, with connections to Russia’s Federal Security Service (FSB). This disclosure highlights the agency’s ongoing efforts to combat cyber threats directed…
A sophisticated cyber operation, dubbed “PhantomCaptcha,” has targeted prominent humanitarian organizations and government entities engaged in war relief efforts in Ukraine, as detailed in recent research by SentinelLABS. The campaign has notably affected major organizations such as the International Red Cross, UNICEF, and the Norwegian Refugee Council, along with various…
Recent Cyber Surveillance Attacks Target North Korean Defectors and Journalists In a disturbing development, advanced persistent threats (APTs) linked to nation-state actors have launched a series of highly-targeted surveillance attacks against North Korean defectors, journalists covering North Korea, and associated organizations based in South Korea. Reports from Russian cybersecurity firm…
Microsoft Wraps Up 2024 Patch Tuesday with Critical Security Fixes Microsoft concluded its Patch Tuesday updates for December 2024, addressing a total of 72 security vulnerabilities across its software ecosystem, including a specific flaw reported as actively exploited in the wild. Of these vulnerabilities, 17 have been classified as Critical,…
Endpoint Security, Hardware / Chip-level Security Eclypsium Uncovers UEFI Vulnerability in Framework Laptops and Desktops Pooja Tikekar (@PoojaTikekar) • October 15, 2025 Image: Shutterstock Security researchers from Eclypsium have identified a critical firmware weakness in approximately 200,000 laptops and desktops manufactured by the modular company Framework. This vulnerability…
A persistent threat actor, suspected to have ties to an Indian cybersecurity firm, has been actively attacking military organizations in South Asia since at least September 2020. The targeted nations include Bangladesh, Nepal, and Sri Lanka, with various iterations of their specialized malware framework used in each assault. According to…
New Discovery Unveils Credential-Driven Campaign Targeting SonicWall Devices Recent findings by cybersecurity firm Huntress reveal a new and concerning trend in cyberattacks, indicating a credential-based campaign aimed at SonicWall SSLVPN devices. The investigation, which began around October 4, detected significant login activity from IP addresses linked to attackers, including one…
In the latest edition of the Cybersecurity Newsletter, we explore significant vulnerabilities and threats currently impacting the digital environment. This week’s focus highlights several critical incidents that occurred leading up to October 12, 2025, including a Discord platform breach, a substantial data leak at Red Hat, and concerning vulnerabilities associated…
