U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers,…
Category: Security Affairs
A critical flaw in OpenPGP.js lets attackers spoof message signatures
A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have been released to address the flaw. A critical vulnerability, tracked as CVE-2025-47934, in OpenPGP.js allowed spoofing of message signature verification. OpenPGP.js is an open-source JavaScript…
SK Telecom revealed that malware breach began in 2022
South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Korea’s largest wireless telecom company, a major player in the country’s mobile and tech landscape. It holds about…
4G Calling (VoLTE) flaw allowed to locate any O2 customer with a phone call
A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due to improper IMS standard implementation. A flaw in 4G Calling (VoLTE) service of the UK telecom O2 exposed user location data through network responses due…
China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks
China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia. ESET researchers revealed that a China-linked APT, tracked as UnsolicitedBooker, targeted an international organization in Saudi Arabia using a new backdoor called MarsSnake. The experts…
UK’s Legal Aid Agency discloses a data breach following April cyber attack
The UK’s Legal Aid Agency suffered a cyberattack in April and has now confirmed that sensitive data was stolen during the incident. The Legal Aid Agency (LAA) revealed that it had suffered a cyberattack on its systems on April 23. …
Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
Cybersecurity Observatory of the Unipegaso’s malware lab published a detailed analysis of the Sarcoma ransomware. It is with great pleasure and honor that I present the first report produced by the Malware Analysis Lab, led by Luigi Martire. The lab…
Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025
Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data or achieve code execution. Mozilla released security updates to fix two critical vulnerabilities in the Firefox browser that could be potentially exploited to access sensitive…
Japan passed a law allowing preemptive offensive cyber actions
Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to bolster defenses like major Western powers. Japan has enacted the Active Cyberdefense Law, allowing preemptive offensive cyber operations to counter threats before damage occurs. This…
Pwn2Own Berlin 2025: total prize money reached $1,078,750
Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days. On the final day of Pwn2Own Berlin 2025, participants earned $383,750 for demonstrating zero-day in VMware Workstation, ESXi,…