In a bold and long-overdue move, Microsoft and CrowdStrike, two of the cybersecurity industry most influential players, have joined forces to revolutionize how cyber threat actors are named and tracked. Partnering with Google’s Mandiant and Palo Alto Networks’ Unit 42, this initiative aims to establish a standardized naming convention for known threat actors—a sort of … Continued
Infosecurity Europe 2025, commemorating its 30th anniversary, is poised to be the definitive gathering in the cybersecurity calendar. From June 3rd to 5th at ExCeL London, this event is not merely a conference; it represents the strategic nexus where the future of information security is debated, shaped, and presented. This guide is designed to direct … Continued
Cybersecurity researchers have identified two significant vulnerabilities in widely used Linux distributions, specifically impacting Ubuntu, Red Hat Enterprise Linux (RHEL), and Fedora. A local attacker could use these flaws to steal sensitive information, including user password hashes, which are crucial for system security. To understand these vulnerabilities, one should first understand “Core Dumps”. A core … Continued
DOJ Takedown Marks Major Win Against Malware Crypting Services In a multinational law enforcement operation, the U.S. Department of Justice has seized four domains that provided services to cybercriminals, enabling them to evade antivirus detection. Cybercriminals frequently use “malware crypting services” and “counter-antivirus (CAV) tools” to render their malware undetectable by conventional security systems. … Continued
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Funnull Technology Inc., a Philippines-based company, along with its administrator Liu Lizhi, for facilitating extensive romance baiting scams that resulted in substantial cryptocurrency losses. Operating out of Taguig, Philippines, Funnull allegedly provided technical support to thousands of fraudulent websites offering fake … Continued
Recently, Cisco revealed a critical vulnerability CVE-2025-20188 in its IOS XE Wireless Controller Software, affecting version 17.12.03 and earlier. CVE-2025-20188 stems from an unauthenticated arbitrary file upload mechanism, is linked to a hard-coded JSON Web Token (JWT) in the system. This vulnerability impacts Cisco’s widely deployed Wireless LAN Controller (WLC), a core enterprise solution integrated … Continued
The Apache Software Foundation has disclosed a new security vulnerability affecting multiple versions of Apache Tomcat. Tracked as CVE-2025-46701, the issue allows for a security constraint bypass under specific conditions, though it has been classified as a low severity risk. CVE-2025-46701 The flaw impacts Apache Tomcat versions: 11.0.0-M1 to 11.0.6 10.1.0-M1 to 10.1.40 9.0.0.M1 to … Continued
In its latest Adversarial Threat Report for Q1 2025, Meta has announced the takedown of three coordinated influence operations originating from Iran, China, and Romania. These campaigns were dismantled before they gained traction among authentic users on Meta’s platforms and beyond. Romanian Election One of the largest networks uncovered during the quarter was linked to … Continued
Dell Technologies has rolled out a critical security update for its PowerStore T family of storage appliances, addressing multiple vulnerabilities that could leave systems exposed to exploitation. The update, detailed in Security Advisory DSA-2025-223, is rated as high impact and is strongly recommended for all users to apply without delay. What’s at Stake? This update … Continued
In a significant data security incident, LexisNexis Risk Solutions, a major U.S.-based data analytics company, has confirmed a breach that compromised the personal information of more than 300,000 individuals. The breach originated in December 2024 but only came to light in April 2025, when LexisNexis was notified that a threat actor had stolen company data … Continued
