Critical Commvault Vulnerability (CVE-2025-34028) Allows Remote Code Execution

A newly disclosed high-severity vulnerability in Commvault’s Command Center has caused a stir in the cybersecurity community. The product, often deployed at the core of critical infrastructure, contains serious flaws that could potentially compromise the entire system if exploited. Commvault Vulnerability CVE-2025-34028 The vulnerability, tracked as CVE-2025-34028, affects Commvault Command Center versions 11.38.0 through 11.38.19 … Continued

Critical Langflow Vulnerability CVE-2025-3248 Exposes AI Platforms to Remote Code Execution Attacks

A critical vulnerability has been discovered by Zscaler in Langflow, an open-source platform widely used for visually composing AI agents and workflows. Tracked as CVE-2025-3248, the flaw allows unauthenticated attackers to remotely execute arbitrary code on vulnerable servers, with a severity score of 9.8 on the Common Vulnerability Scoring System (CVSS). Overview of … Continued

North Korea’s Void Dokkaebi exploits job seekers through fake company BlockNovas

Cybersecurity researchers at Trend Micro have uncovered a sophisticated campaign by North Korea-linked threat actor group Void Dokkaebi, which used a fictitious company called BlockNovas to lure job seekers into downloading malware disguised as part of an interview process. This campaign, run across platforms like LinkedIn, Upwork, and Freelancer, has already affected hundreds of applicants … Continued

Zyxel Issues Security Patches for USG FLEX H Firewall

Zyxel has released critical security updates for its USG FLEX H series firewalls, addressing two vulnerabilities tracked as CVE-2025-1731 and CVE-2025-1732 that allow attackers to escalate privileges on affected systems. Vulnerability Details CVE-2025-1732 pertains to improper privilege management within the firmware’s recovery function. This vulnerability could allow a local attacker with administrative access to upload a … Continued

SK Telecom Hit by Malware Attack

SK Telecom, South Korea’s largest mobile operator, has confirmed a security breach involving customer SIM-related information following a malware infection discovered late on April 19. The attack, which occurred around 11:00 PM local time on Saturday, exploited a period when many organizations typically operate with reduced staffing. SK Telecom serves approximately 34 million subscribers and … Continued

Rust-Based “RustoBot” Malware Targeting TOTOLINK Devices

FortiGuard Labs has identified a new botnet, dubbed “RustoBot,” actively exploiting vulnerabilities in TOTOLINK devices. Notably, this variant is written in Rust—a modern, secure programming language. Spike in TOTOLINK Exploits Between January and February 2025, FortiGuard observed a surge in cyberattacks exploiting known vulnerabilities in TOTOLINK networking hardware. These attacks are based on the cstecgi.cgi … Continued

Critical Vulnerability in WinZip Exposing Users to Macro-Based Malware

A major security flaw has been discovered in WinZip, a popular file compression utility, potentially putting millions of users at risk of malicious code execution. This vulnerability affects WinZip up to version 76.9 (64-bit for Windows) and has not yet been patched. Overview of CVE-2025-33028 The vulnerability allows attackers to bypass the Mark-of-the-Web (MotW) security feature- … Continued

Phishing Gets a Vector Upgrade

In a troubling new development in the world of phishing, researchers from Kaspersky have discovered a new phishing technique that uses SVG (Scalable Vector Graphics) files, a format used for web design and graphics. Phishing tactics continue to evolve rapidly, moving beyond familiar PDF attachments and deceptive URLs like “FaceB00k”. This time, attackers are weaponizing … Continued

China Linked XorDDoS Malware Fueling Widespread DDoS Disruptions

Cybersecurity researchers are raising the alarm over an increase in cyberattacks linked to the notorious malware strain known as XorDDoS, which has been aggressively targeting systems in the United States. According to a new analysis by Cisco Talos, 71.3% of XorDDoS-related attacks between November 2023 and February 2025 were aimed at U.S. infrastructure. XorDDoS XorDDoS is a … Continued
