Latest Cybersecurity News and Articles

Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution

Xerox has released critical patches for FreeFlow Core version 8.0.4 to address two high-severity vulnerabilities—CVE-2025-8355 and CVE-2025-8356—that enable Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE).

MedusaLocker ransomware group is looking for pentesters

The MedusaLocker ransomware group, active since 2019 and operating under a Ransomware-as-a-Service (RaaS) model, has announced a recruitment drive for penetration testers via its Tor-based data leak site.

Connex Credit Union data breach impacts 172,000 members

Connex Credit Union, one of Connecticut’s largest non-profit financial institutions, has disclosed a significant data breach that compromised the personal and financial information of approximately 172,000 individuals.

Smart Buses flaws expose vehicles to tracking, control, and spying

Researchers have uncovered critical vulnerabilities in smart bus systems that could allow attackers to remotely track, control, or spy on vehicles. These flaws arise from the insecure integration of passenger Wi-Fi and critical vehicle systems.

ReVault! When your SoC turns against you… deep dive edition

Researchers uncovered multiple critical vulnerabilities in Dell ControlVault3 and ControlVault3 Plus firmware, including CVE-2025-25215, CVE-2025-24922, and CVE-2025-24919.

WinRAR zero-day exploited to plant malware on archive extraction

A critical 0-day vulnerability in WinRAR, tracked as CVE-2025-8088, was actively exploited by the RomCom threat actor group in phishing campaigns. The flaw, a directory traversal vulnerability, allows attackers to extract files into arbitrary paths.

The inside story of the Telemessage saga

A major security lapse in TeleMessage, a Signal clone used by U.S. government officials, has led to the exposure of 410GB of sensitive communications. Over 780 CBP officer emails were compromised.

Embargo Ransomware nets $34.2M in crypto since April 2024

According to a new report, the Embargo ransomware group has amassed approximately $34.2 million in cryptocurrency since its emergence in April 2024. The group primarily targets the healthcare, business services, and manufacturing sectors.

Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere

A security researcher uncovered critical vulnerabilities in a major carmaker’s dealership web portal that allowed unauthorized creation of a national admin account. This access enabled full control over customer and vehicle data.

After researchers unmasked a prolific SMS scammer, a new operation has emerged in its wake

A new large-scale SMS phishing operation, dubbed Magic Mouse, has emerged following the takedown of the earlier scam campaign known as Magic Cat. Magic Mouse is now responsible for the theft of approximately 650,000 credit cards per month.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags