Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices…
Month: July 2025
Microsoft Authenticator to Discontinue Password Support and Cease Operations by August 2025
Microsoft has announced significant modifications to its popular Authenticator application, with critical features being discontinued in the coming months. Starting July 2025, the autofill functionality…
Microsoft Ends Authenticator App’s Password Management Support From 2025
Microsoft has announced it will discontinue password management features in its widely used Authenticator app, marking a significant shift in its approach to digital security.…
US CISA agency extends Iran cyber alert, warns of CNI threat
The United States Cybersecurity and Infrastructure Security Agency (CISA) has reiterated and extended previous warnings over the activities of Iranian threat actors targeting Western interests,…
Citrix warns of login issues after NetScaler auth bypass patch
Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler…
Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags
A newly discovered denial-of-service vulnerability in the ModSecurity Web Application Firewall (WAF) engine has security experts on high alert. The flaw, designated CVE-2025-52891, affects specific versions of mod_security2…
Hackers Target Linux SSH Servers to Deploy TinyProxy and Sing-box Proxy Tools
Hackers are exploiting poorly managed Linux servers, particularly those with weak SSH credentials, to install proxy tools such as TinyProxy and Sing-box. The AhnLab Security…
Qantas says large amount of customer data stolen in cyberattack on call center
Australian carrier Qantas said hackers who breached one of its call centers stole a significant quantity of customer data. The airline said on its website…
Forminator plugin flaw exposes WordPress sites to takeover attacks
The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is…
AI Crawlers Reshape The Internet With Over 30% of Global Web Traffic
The digital landscape is experiencing a fundamental transformation as artificial intelligence crawlers emerge as dominant forces across the global internet infrastructure. Recent analysis reveals that…
IDE Extensions Like VSCode Allow Attackers to Bypass Trust Checks and Deliver Malware to Developer Systems
OX Research conducted a ground-breaking study in May and June 2025 that revealed concerning security flaws in the extension verification procedures of some of the…
Qantas Confirms Major Data Breach Linked to Third-Party Vendor
Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline…