Action required – Critical bug reported in Cisco ISE API Two critical security vulnerabilities, CVE-2025-20124 and CVE-2025-20125, have been identified in the API of Cisco Identity Services Engine (ISE), a platform widely used for network access control and security policy management. These vulnerabilities pose significant risks, potentially allowing attackers to execute arbitrary commands and gain […]

Update MobSF Now: Fixes for Two Major Vulnerabilities The Mobile Security Framework (MobSF), a widely used tool for mobile app security testing, has been found to have two critical vulnerabilities: CVE-2025-24805 and CVE-2025-24803. These security flaws could let attackers gain unauthorized access to sensitive data or disrupt the software’s normal operations. As a result, users […]

Bashe Group Claims ICICI Data Breach ICICI yet to Confirm The Bashe hacking group, an offshoot of the LockBit ransomware syndicate, has claimed responsibility for an alleged data breach at ICICI Bank, one of India’s leading financial institutions. The group’s claims have been made public on their data leak site, where they allege to have […]

Trump’s Pardon of Dark Web Admin Raises Concerns In a surprising move, Ross Ulbricht, the mastermind behind the notorious dark web marketplace Silk Road, has been pardoned by former U.S. President Donald Trump. The pardon, confirmed by Trump himself on his own social media platform ‘Truth Social’ , has sparked intense debates about justice in […]

Infosec News: RansomHub Claims Breach at American Standard American Standard, a globally recognized manufacturer of kitchen and bath products under the Lixil Group, has reportedly fallen victim to a data breach orchestrated by the hacking group RansomHub. The breach, which surfaced through an online screenshot, alleges the exfiltration of approximately 400 GB of company data. […]

ISACA’s Erroneous Email Sparks Panic Among Subscribers On January 15, ISACA, a global leader in IT certifications and cybersecurity training, unintentionally sent an email to thousands of its subscribers, causing widespread confusion and concern. The email, containing a vague message and a suspicious-looking URL, led many recipients to fear a potential phishing attack or data […]

Casio Confirms Data Breach Following Ransomware Attack Japanese electronics giant Casio has confirmed a significant data breach following a ransomware attack that occurred in October 2024. The attack, carried out by the notorious “Underground” ransomware group, compromised the personal information of approximately 8,500 individuals. This includes employees, business partners, and a limited number of customers. […]

CVE-2025-0282: A Critical Flaw in Ivanti Products A critical security vulnerability, CVE-2025-0282, has been identified in Ivanti’s Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow flaw enables remote, unauthenticated attackers to execute arbitrary code on affected devices, potentially leading to severe consequences such as complete system compromise, data theft, network […]

Critical Vulnerability Discovered in SonicWall SSLVPN A significant cybersecurity flaw, identified as CVE-2024-53704, has been discovered in SonicWall’s SonicOS SSL VPN firmware. This vulnerability, which could allow remote attackers to bypass authentication mechanisms, poses serious threat to organizations relying on SonicWall devices for secure remote access. The vulnerability, uncovered by SonicWall’s Product Security Incident Response […]

Understanding – Digital Personal Data Protection Bill 2025 The Indian government recently introduced the draft Digital Personal Data Protection (DPDP) Bill 2025, aiming to establish a robust framework for protecting personal data while addressing concerns related to data governance and privacy. This bill represents a significant step forward in India’s data protection regime and holds […]

Critical Vulnerability Discovered in BeyondTrust Products A critical security vulnerability, identified as CVE-2024-12356, has been discovered in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) software. This flaw, first publicly disclosed on 17th December 2024 can allow an unauthenticated attacker to inject commands that are run as a site user. Impact and Risk This […]

Critical Adobe ColdFusion Flaw Under Active Attack A critical security vulnerability affecting Adobe ColdFusion has come to light, with Adobe issuing an urgent patch and confirming the existence of publicly available exploit code. The flaw, tracked as CVE-2024-53961, is a path traversal vulnerability that could allow malicious actors to read arbitrary files on affected servers, […]

A Shocking Hardware Hack: Lebanon’s Pager Device Explosion In a shocking incident that has sent ripples across the globe, thousands of pager devices were detonated in Lebanon, resulting in a tragic loss of life and widespread injuries. While the exact cause of the explosion remains under investigation, this unprecedented event is being hailed as one […]

Fortinet Confirms Data Breach Involving Cloud Storage Fortinet, a major cybersecurity provider, confirmed a data breach where an unknown threat actor accessed files on a third-party cloud-based shared drive. According to Fortinet’s official statement: An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file […]

CrowdStrike -The Vulnerability of Single-Solution Dependency Recently, a significant cyber crisis impacted over 8.5 million Microsoft Windows devices globally. This disruption affected both end-user devices and servers, leading to financial losses for organizations relying on the CrowdStrike EDR (endpoint detection and response) solution. On Friday, July 19, 2024, at 04:09 UTC, CrowdStrike released a content […]

Microsoft Stumble: Bing Outage Impacts Search Landscape A recent Microsoft outage caused disruption for users worldwide, impacting not only Microsoft’s search engine Bing, but also other services like Copilot, DuckDuckGo, and even aspects of ChatGPT. The outage, which began around 3 AM EDT on May 23rd, 2024, primarily affected users in Asia and Europe. Bing […]

International Modern Hospital Hit by Medusa Ransomware International Modern Hospital (IMH), one of the oldest hospital in UAE is scrambling to contain a suspected ransomware attack perpetrated by the Medusa ransomware group. The group claims to have infiltrated the hospital’s systems and stolen a staggering 1.45 terabytes of data, which they are now attempting to […]

GE Targeted by Meow Ransomware: Data Breach Feared The infamous Meow ransomware group has added another big name to its victim list: GE Aerospace. In a recent announcement, the group claims to have stolen sensitive client data and internal SQL databases from the aerospace giant. Meow is now reportedly attempting to sell this stolen information […]

Fake Putty, WinSCP Downloads Deliver Ransomware Ransomware gangs are constantly innovating their attack methods, and system administrators have become a prime target. A recent malvertising campaign uncovered by Rapid7  highlights this growing threat. The campaign leverages fake downloads of PuTTY, a popular SSH client for Windows, to distribute ransomware and potentially gain privileged access within […]

BreachForums Tor Site Remains Dark After FBI Takedown BreachForums Tor remains inaccessible after a forceful takedown by the FBI on May 15, 2024. This decisive action, following a significant data leak from Europol, underscores global efforts to dismantle online criminal marketplaces like BreachForums Tor. Previously accessible on both the regular web and the dark web […]