WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware. The WinRAR flaw CVE-2025-8088, a directory traversal bug fixed in version 7.13, was exploited as a zero-day in phishing attacks to deliver…
Tag: Security Affairs
French firm Bouygues Telecom suffered a data breach impacting 6.4M customers
Bouygues Telecom suffered a cyberattack that compromised the personal information of 6.4 million customers. French telecommunications company Bouygues Telecom suffered a cyberattack that resulted in the compromise of personal information of 6.4 million customers. Bouygues Telecom, part of the Bouygues…
Columbia University data breach impacted 868,969 people
Columbia University was hit by a cyberattack, exposing personal data of over 860,000 students, applicants, and employees. Columbia University suffered a cyberattack that exposed the personal data of students, applicants, and employees. According to the data breach notification sent to…
SonicWall dismisses zero-day fears after Ransomware probe
SonicWall found no evidence of a new vulnerability after probing reports of a zero-day used in ransomware attacks. SonicWall investigated claims of a zero-day being used in ransomware attacks but found no evidence of any new vulnerability in its products.…
Air France and KLM disclosed data breaches following the hack of a third-party platform
Air France and KLM warn of a data breach exposing customer data via unauthorized access to a third-party platform. Air France and KLM reported a data breach after hackers accessed a third-party platform, potentially exposing some customers’ personal information. Both…
CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786
CISA and Microsoft warn of CVE-2025-53786, a high-severity Exchange flaw allowing privilege escalation in hybrid cloud environments. CISA and Microsoft warn of a high-severity flaw, tracked as CVE-2025-53786, in Exchange hybrid deployments that allows attackers to escalate privileges in cloud…
Microsoft unveils Project Ire: AI that autonomously detects malware
Microsoft’s Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign. Microsoft announced Project Ire, an autonomous artificial intelligence (AI) system that can autonomously reverse engineer and classify software. Project Ire is an LLM-powered autonomous…
CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector
Ukraine’s CERT-UA warns of phishing attacks by UAC-0099 targeting defense sectors, using malware like MATCHBOIL, MATCHWOK, and DRAGSTARE. Ukraine’s CERT-UA warns of phishing attacks by threat actor UAC-0099 targeting government and defense sectors, delivering malware like MATCHBOIL and DRAGSTARE. The…
How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments
CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments. The attack surface has exploded. Between multi-cloud deployments, remote endpoints, SaaS platforms, shadow IT, and legacy infrastructure, the perimeter…
Over 100 Dell models exposed to critical ControlVault3 firmware bugs
ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access. Cisco Talos reported five vulnerabilities collectively named ReVault (tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919) in Dell’s ControlVault3 firmware…