Tag Windows

Weekly Cybersecurity Newsletter: Discord Updates, Red Hat Data Breach, 7-Zip Vulnerabilities, and SonicWall Firewall Hack

In the latest edition of the Cybersecurity Newsletter, we explore significant vulnerabilities and threats currently impacting the digital environment. This week’s focus highlights several critical incidents that occurred leading up to October 12, 2025, including a Discord platform breach, a substantial data leak at Red Hat, and concerning vulnerabilities associated…


Researchers Discover Exploit Bypassing Active Directory Restrictions on NTLMv1

Recent findings by cybersecurity experts have unveiled a considerable vulnerability in the Microsoft Active Directory Group Policy designed to disable the authentication method NT LAN Manager (NTLM) version 1. Researchers indicate that a misconfiguration within on-premises applications is capable of easily bypassing this Group Policy measure. According to Dor Segal,…


Russian Cybercrime Groups Capitalizing on 7-Zip Vulnerability to Circumvent Windows MotW Protections

A newly addressed security vulnerability in the popular 7-Zip archiving tool has been actively exploited to distribute the SmokeLoader malware, raising significant concerns in the cybersecurity community. This vulnerability, identified as CVE-2025-0411, has a CVSS score of 7.0 and enables remote attackers to bypass mark-of-the-web (MotW) protections and run arbitrary…


Increasing Malware Attacks Utilizing Dark Utilities’ C2-as-a-Service

A newly emerging service known as Dark Utilities has gained popularity among cybercriminals, with approximately 3,000 users drawn to its capability to provide command-and-control (C2) services aimed at seizing control of compromised systems. This platform has positioned itself as a “C2-as-a-Service” (C2aaS), marketed for tasks including remote access, command execution,…


Iran Seeks to Recruit European Aerospace Engineers Seeking Employment

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Social Engineering

Iranian Hackers Pose as Online Recruiters

Prajeet Nair (@prajeetspeaks) • September 23, 2025

Recent reports reveal that Western Europeans employed in aerospace, defense manufacturing, and telecommunications are being targeted by Iranian state-sponsored hackers masquerading as online recruiters. These…


How to Utilize 1Password’s Travel Mode at Border Crossings (2025)

Enhancing Your Digital Security While Traveling

As data privacy concerns escalate, business travelers must remain vigilant. One emerging tool in this realm is VeraCrypt, a free and open-source encryption application. This software offers the ability to encrypt entire drives and operating system partitions, similar to services like BitLocker or FileVault.…


Telecom and BPO Firms Targeted by SIM Swapping Hackers

A targeted cyber intrusion campaign has been actively engaging telecommunications and business process outsourcing (BPO) companies since at least June 2022. This ongoing assault aims to infiltrate mobile carrier networks and is characterized by SIM swapping techniques, as highlighted in recent investigations by CrowdStrike. Researcher Tim Parisi detailed these findings…


Zero-Day Alert: Google Issues Chrome Patch for Exploit Linked to Russian Espionage Attacks

Google has issued urgent out-of-band security updates to rectify a critical vulnerability in its Chrome browser for Windows. This flaw, designated as CVE-2025-2783 (CVSS score: 8.3), has reportedly been exploited in real-world phishing attacks aimed primarily at organizations in Russia. Described as stemming from an “incorrect handle provided in unspecified…
