Cyber News & Articles

Cyber News & Articles

How to Eliminate Identity-Based Threats 

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of

read more
Cyber News & Articles

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation 

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.
The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
“Pre-authentication deserialization of untrusted data vulnerability has been identified in the

read more
Cyber News & Articles

New Research: The State of Web Exposure 2025 

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here.
New research by web exposure management specialist Reflectiz reveals several

read more
Cyber News & Articles

QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features 

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader.
“BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks,” Walmart’s Cyber Intelligence team told The Hacker News. “The BackConnect(s) in use were ‘DarkVNC’ alongside the IcedID

read more
Cyber News & Articles

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) 

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances.
The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management.
“This

read more
Cyber News & Articles

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware 

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks.
“This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity,” the tech giant’s cloud division said in its 11th

read more
Cyber News & Articles

Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose 

An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus – don’t miss our featured interview with Avery Pennarun of Tailscale.

read more
Cyber News & Articles

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review 

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). 
“In alignment with the Department of Homeland Security’s (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory

read more
Cyber News & Articles

MasterCard DNS Error Went Unnoticed for Years 

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.

read more
Cyber News & Articles

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet 

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks.
According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse.
Some

read more

CALL US TODAY TO SPEAK TO A SECURITY EXPERT: 720.221.6804

X