cyber updates

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual… 

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Jun 26, 2025Ravie LakshmananVulnerability, Network Security Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute… 

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

Jun 26, 2025Ravie LakshmananCyber Attack / Malware Analysis The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half… 

Why Built-In Protections Aren’t Enough for Modern Data Resilience

SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace
SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous…

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

Jun 26, 2025Ravie LakshmananCyber Espionage / Malware An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer… 

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

Jun 26, 2025Ravie LakshmananThreat Intelligence / Ransomware Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly… 

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Jun 26, 2025Ravie LakshmananVulnerability / Firmware Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited… 

WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews

Jun 26, 2025Ravie LakshmananArtificial Intelligence / Data Protection Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature,… 

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

Jun 25, 2025Ravie LakshmananSaaS Security / Vulnerability New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications.… 

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Jun 25, 2025Ravie LakshmananVulnerability / Network Security Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries…