Skip to content
data breach Page 149

data breach

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

Apr 15, 2025Ravie LakshmananVulnerability / Endpoint Security A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked… 

Read More »Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Apr 15, 2025Ravie LakshmananArtificial Intelligence / Data Privacy Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union,… 

Read More »Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. “The threat actor leverages fear-based lures delivered via phishing emails, designed to… 

Read More »ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Apr 14, 2025Ravie LakshmananEmail Security / Cyber Attack Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique… 

Read More »Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Apr 14, 2025Ravie LakshmananThreat Intelligence / Cybersecurity Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach… 

Read More »Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Apr 11, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the… 

Read More »Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the… 

Read More »Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors