How to Easily Escalate to Root on Linux Using the Latest Sudo Vulnerabilities
A newly disclosed pair of critical vulnerabilities in Sudo — the powerful Unix/Linux command-line tool that allows users to run commands as root — poses…
Month: July 2025
From the FBI to F&A: lessons learnt in safeguarding systems and data
One might not typically expect a childhood on a Texas farm to lead to a career that involve investigating cybercriminals at the FBI, and then…
Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence
Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity…
Hacker leaks Telefónica data allegedly stolen in a new breach
A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge.…
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed…
Ingram Micro suffers global outage as internal systems inaccessible
IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a…
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and =15.1.0 =15.1.0,
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s research reveals that Browser AI…
Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations
A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway. This flaw, rated as important, could…
NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
Jul 04, 2025Ravie LakshmananZero-Day / Cyber Espionage Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been…
Google fined $314M for misusing idle Android users’ data
Google fined $314M for misusing idle Android users’ data Pierluigi Paganini July 04, 2025 Google must pay $314M after a California court ruled it misused…
Malicious SEO Plugins on WordPress Can Lead to Site Takeover
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated…