On April 8, 2025, Microsoft released its monthly security updates, addressing a total of 121 vulnerabilities across various products. Among these, CVE-2025-29824, a zero-day vulnerability in the Windows Common Log File System (CLFS) Driver, has been actively exploited in ransomware…
In my first interview with cybersecurity expert and author Scott Schober, we explored his personal experiences with being hacked and the eye-opening insights from his book Hacked Again. Now, we’re reconnecting with Scott to go deeper. Because the threat landscape…
Overview of the Vulnerability Ivanti has recently disclosed a significant security vulnerability, identified as CVE-2025-22457, affecting its Connect Secure, Policy Secure, and ZTA Gateway products. While specific details are pending, such vulnerabilities typically involve issues such as remote code execution,…
Cybersecurity researchers have uncovered a new vulnerability in Google’s Quick Share data transfer tool for Windows, potentially allowing attackers to crash the application or send files to a user’s device without their consent. The vulnerability, tracked as CVE-2024-10668 with a…
Security researchers at Elastic Security Labs have released an in-depth analysis of a long-running Linux malware campaign known as Outlaw. Despite its unsophisticated code and crude attack methods, Outlaw remains remarkably persistent. This malware is a great example of how…
Small and medium-sized businesses (SMBs) are continuously becoming prime targets for cybercriminals. Recent statistics reveal that 61% of SMBs were targeted by cyberattacks, with 46% of all cyber breaches affecting companies with fewer than 1,000 employees. The consequences of such…
In early 2025, cybersecurity researchers uncovered a zero-day vulnerability in Microsoft’s Management Console (MMC), tracked as CVE-2025-26633 and nicknamed MSC EvilTwin. This critical flaw is being actively exploited by a threat group dubbed Water Gamayun and represents a dangerous vector…
A new report from Forescout’s Vedere Labs reveals alarming cybersecurity vulnerabilities in solar power systems produced by some of the industry’s biggest names – Sungrow, Growatt, and SMA. These flaws, collectively named SUN:DOWN, could potentially open the door for cyberattacks…
In a recent Q&A with Dr. Mansur Hasib, he emphasized that one of the most effective ways to equip non-technical leaders, like CEOs and COOs, with the right mindset to view cybersecurity as a strategic asset is by attending high-quality…
In our previous conversation with Dr. Mansur Hasib, we explored his powerful vision of cybersecurity as a “people-powered perpetual innovation” – a leadership-first approach that continues to inspire professionals across the industry. Read Part 1 here: Dr. Mansur Hasib: Cybersecurity…
Google Issues Emergency Patch for Chrome Zero-Day Exploit Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves…
Critical Flaws in Ingress NGINX Controller Enable Remote Code Execution A newly disclosed set of five severe vulnerabilities, dubbed IngressNightmare by cloud security firm Wiz, has put more than 6,500 Kubernetes clusters at risk. These critical flaws impact the Ingress…
A newly disclosed vulnerability in the Next.js React framework has been assigned a CVSS score of 9.1, marking it as a critical security risk. Tracked as CVE-2025-29927, the flaw can be exploited under specific conditions to bypass middleware-based authorization checks,…
Two Critical Vulnerabilities Expose Administrative Access Two now-patched but previously critical vulnerabilities in Cisco Smart Licensing Utility are being actively exploited in the wild, according to reports from the SANS Internet Storm Center. These flaws affect versions 2.0.0, 2.1.0, and…
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined…
The U.S. Cybersecurity and Infrastructure Security Agency has identified a significant security flaw affecting NAKIVO Backup & Replication software, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild. The vulnerability, tracked as CVE-2024-48248…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered vulnerability linked to the supply chain compromise of the GitHub Actions, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2025-30066, has been assigned…
A newly disclosed security flaw in Apache Tomcat is being actively exploited, following the release of a public proof-of-concept (PoC) just 30 hours after its disclosure. Affected Apache Tomcat Versions The vulnerability, tracked as CVE-2025-24813, impacts the following versions: Apache…
Security researcher Yohanes Nugroho has developed a decryptor for the Linux variant of Akira ransomware. The tool leverages GPU power to retrieve decryption keys, allowing victims to unlock their encrypted files for free. Development of Akira Decryptor Nugroho began working…
Users searching for pirated software are now prime targets for a new malware campaign that distributes a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. A New Threat in the Piracy Scene Clipper malware is designed to…
