ISACA’s Erroneous Email Sparks Panic Among Subscribers On January 15, ISACA, a global leader in IT certifications and cybersecurity training, unintentionally sent an email to thousands of its subscribers, causing widespread confusion and concern. The email, containing a vague message and a suspicious-looking URL, led many recipients to fear a potential phishing attack or data […]

Casio Confirms Data Breach Following Ransomware Attack Japanese electronics giant Casio has confirmed a significant data breach following a ransomware attack that occurred in October 2024. The attack, carried out by the notorious “Underground” ransomware group, compromised the personal information of approximately 8,500 individuals. This includes employees, business partners, and a limited number of customers. […]

CVE-2025-0282: A Critical Flaw in Ivanti Products A critical security vulnerability, CVE-2025-0282, has been identified in Ivanti’s Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow flaw enables remote, unauthenticated attackers to execute arbitrary code on affected devices, potentially leading to severe consequences such as complete system compromise, data theft, network […]

Critical Vulnerability Discovered in SonicWall SSLVPN A significant cybersecurity flaw, identified as CVE-2024-53704, has been discovered in SonicWall’s SonicOS SSL VPN firmware. This vulnerability, which could allow remote attackers to bypass authentication mechanisms, poses serious threat to organizations relying on SonicWall devices for secure remote access. The vulnerability, uncovered by SonicWall’s Product Security Incident Response […]

Understanding – Digital Personal Data Protection Bill 2025 The Indian government recently introduced the draft Digital Personal Data Protection (DPDP) Bill 2025, aiming to establish a robust framework for protecting personal data while addressing concerns related to data governance and privacy. This bill represents a significant step forward in India’s data protection regime and holds […]

Critical Vulnerability Discovered in BeyondTrust Products A critical security vulnerability, identified as CVE-2024-12356, has been discovered in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) software. This flaw, first publicly disclosed on 17th December 2024 can allow an unauthenticated attacker to inject commands that are run as a site user. Impact and Risk This […]

Critical Adobe ColdFusion Flaw Under Active Attack A critical security vulnerability affecting Adobe ColdFusion has come to light, with Adobe issuing an urgent patch and confirming the existence of publicly available exploit code. The flaw, tracked as CVE-2024-53961, is a path traversal vulnerability that could allow malicious actors to read arbitrary files on affected servers, […]

A Shocking Hardware Hack: Lebanon’s Pager Device Explosion In a shocking incident that has sent ripples across the globe, thousands of pager devices were detonated in Lebanon, resulting in a tragic loss of life and widespread injuries. While the exact cause of the explosion remains under investigation, this unprecedented event is being hailed as one […]

Fortinet Confirms Data Breach Involving Cloud Storage Fortinet, a major cybersecurity provider, confirmed a data breach where an unknown threat actor accessed files on a third-party cloud-based shared drive. According to Fortinet’s official statement: An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file […]

CrowdStrike -The Vulnerability of Single-Solution Dependency Recently, a significant cyber crisis impacted over 8.5 million Microsoft Windows devices globally. This disruption affected both end-user devices and servers, leading to financial losses for organizations relying on the CrowdStrike EDR (endpoint detection and response) solution. On Friday, July 19, 2024, at 04:09 UTC, CrowdStrike released a content […]

Microsoft Stumble: Bing Outage Impacts Search Landscape A recent Microsoft outage caused disruption for users worldwide, impacting not only Microsoft’s search engine Bing, but also other services like Copilot, DuckDuckGo, and even aspects of ChatGPT. The outage, which began around 3 AM EDT on May 23rd, 2024, primarily affected users in Asia and Europe. Bing […]

Patch AIOSEO Plugin Now: WordPress XSS Alert! WordPress website owners, beware! A critical security vulnerability has been discovered in the widely used All in One SEO (AIOSEO) plugin, impacting millions of sites. This flaw, identified as CVE-2024-3368, exposes websites to malicious attacks by allowing attackers to inject and execute Stored Cross-Site Scripting (XSS) scripts on […]

International Modern Hospital Hit by Medusa Ransomware International Modern Hospital (IMH), one of the oldest hospital in UAE is scrambling to contain a suspected ransomware attack perpetrated by the Medusa ransomware group. The group claims to have infiltrated the hospital’s systems and stolen a staggering 1.45 terabytes of data, which they are now attempting to […]

GE Targeted by Meow Ransomware: Data Breach Feared The infamous Meow ransomware group has added another big name to its victim list: GE Aerospace. In a recent announcement, the group claims to have stolen sensitive client data and internal SQL databases from the aerospace giant. Meow is now reportedly attempting to sell this stolen information […]

Fake Putty, WinSCP Downloads Deliver Ransomware Ransomware gangs are constantly innovating their attack methods, and system administrators have become a prime target. A recent malvertising campaign uncovered by Rapid7  highlights this growing threat. The campaign leverages fake downloads of PuTTY, a popular SSH client for Windows, to distribute ransomware and potentially gain privileged access within […]

BreachForums Tor Site Remains Dark After FBI Takedown BreachForums Tor remains inaccessible after a forceful takedown by the FBI on May 15, 2024. This decisive action, following a significant data leak from Europol, underscores global efforts to dismantle online criminal marketplaces like BreachForums Tor. Previously accessible on both the regular web and the dark web […]

Unpatched Outlook Exploit Up for Grabs on Hacking Forums A critical security vulnerability has emerged with the news that a threat actor, known as Cvsp, is allegedly selling a remote code execution (RCE) exploit targeting Microsoft Outlook for a staggering $1.7 million. This zero-day exploit, (referred to as “0-day” because there’s currently no patch available) […]

Google Accidentally Deleted $125 Bn Pension Fund Account Cloud giant Google is facing a major trust deficit after a critical error on its Google Cloud platform led to a week-long outage for a massive Australian pension fund. The incident, centered around the accidental deletion of a $125 billion pension fund account, has shaken confidence in […]

Dell Data Breach: Millions of Customers Affected Dell Technologies confirmed a data breach impacting millions of customers, with some personal information compromised. The company states they are investigating the incident. Dell has downplayed the severity of the breach, claiming only “limited” customer data was accessed. This includes details like names, physical addresses, installed locations of […]

On June 24, 2023, Microsoft mitigated the exposure of internal information in a storage account due to an overly permissive Shared Access Signature (SAS) token. The incident was discovered by security researchers at Wiz Research, who reported it to Microsoft’s Security Response Center (MSRC) on June 22. The SAS token is a security feature that […]