Cisco disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated Management Controller (IMC). Tracked as CVE-2025-20317 with a CVSS 3.1 base score of 7.1, the vulnerability could enable an unauthenticated remote attacker…
Category: EN
UTG-Q-1000 Group Weaponizing Subsidy Schemes to Exfiltrate Sensitive Data
The emergence of sophisticated cybercriminal organizations continues to pose significant threats to individuals and institutions worldwide, with the UTG-Q-1000 group representing one of the most concerning developments in recent cybersecurity history. This highly organized criminal network has demonstrated exceptional technical…
With Ransomware Attacks Surging, Eliminate Silos and Tap Genai to Strengthen Threat Intelligence
After a brief lull in ransomware attacks following the LockBit disruption earlier this year, ransomware attacks spiked again in the second quarter of 2024 and are showing no signs of abating. Extortion… The post With Ransomware Attacks Surging, Eliminate Silos and Tap…
Microsoft wants to automatically save your Word docs to the cloud
Microsoft is rolling out a feature that defaults to saving your documents to the cloud. Consumers are divided. This article has been indexed from Malwarebytes Read the original article: Microsoft wants to automatically save your Word docs to the cloud
SK Telecom walloped with $97M fine after schoolkid security blunders let attackers run riot
Regulator points to lack of ‘basic access controls’ between internet-facing systems, internal network South Korea’s privacy watchdog has slapped SK Telecom with a record ₩134.5 billion ($97 million) fine after finding that the mobile giant left its network wide open…
Cyberattack on New York Business Council Exposes Thousands to Risk
The Business Council of New York State (BCNYS), an influential body representing businesses and professional groups, has confirmed that a recent cyberattack compromised the personal information of more than 47,000 people. In a report submitted to the Office of the…
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors. “While these actors focus on large backbone routers…
Fake IT Support Attacks Hit Microsoft Teams
Fake IT support lures are being used to trick employees into installing remote‑access tools via Microsoft Teams This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake IT Support Attacks Hit Microsoft Teams
Farmers Insurance Breach Exposes Data of 1.1 Million Customers via Salesforce Compromise
Farmers Insurance has disclosed a data breach stemming from unauthorized access to a third-party vendor’s database, potentially compromising the personal information of approximately 1.1 million customers. The breach, detected on May 30, 2025, involved an unauthorized actor infiltrating a system…
Weaponized ScreenConnect RMM Tool Deceives Users into Installing Xworm RAT
The SpiderLabs Threat Hunt Team recently discovered a cyber campaign in which threat actors used the genuine ScreenConnect remote management application as a weapon to spread the Xworm Remote Access Trojan (RAT) through a multi-phase infection chain. The attack begins…