Search results for: “cyberattack”
-
Samsung Patches High-Severity Flaw Allowing Remote Code Execution on Android Devices
Samsung has patched a high-severity flaw, CVE-2025-21042, in its Android devices, which could allow remote code execution without user interaction. Users are urged to apply the April 2025 Security Maintenance Release promptly to protect against this vulnerability.
-
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
A previously unidentified threat cluster, codenamed UNK_SmudgedSerpent, has been linked to a series of cyberattacks targeting academics and foreign policy experts in the U.S. during June-August 2025.
-
MIT Retracts Controversial AI Ransomware Study Amid Expert Scrutiny
MIT’s Sloan School of Management has retracted a study claiming AI drives 80% of ransomware attacks after cybersecurity experts raised concerns about its methodology and evidence.
-
Remote Monitoring Tools Weaponized in Escalating Cargo Freight Hijacks
Threat actors are increasingly weaponizing legitimate remote monitoring and management (RMM) tools to hijack cargo freight, leading to significant disruptions in global supply chains. This sophisticated cyber-physical attack strategy involves compromising broker load boards, deploying phishing campaigns, and leveraging RMM tools to orchestrate the physical theft of goods, often in collaboration with organized crime groups.…
-
Canada Fines Cryptomus Over $176 Million for AML Violations Tied to Cybercrime
Canadian financial regulators have imposed an administrative monetary penalty of over $176 million on Xeltox Enterprises Ltd., operating as Cryptomus. The penalty from FINTRAC addresses the cryptocurrency payments platform’s significant non-compliance with anti-money laundering and anti-terrorist financing regulations, citing failures to report suspicious transactions linked to child exploitation, fraud, ransomware, and sanctions evasion. Investigations revealed…
-
New TEE.fail Side-Channel Attack Compromises Intel and AMD Trusted Execution Environments
A new low-cost physical side-channel attack, TEE.fail, bypasses Intel and AMD Trusted Execution Environments, allowing cryptographic key extraction and subversion of secure attestation, according to researchers. This attack highlights critical vulnerabilities in confidential computing architectures.
-
Swedish Authority Investigates Major Data Leak Impacting 1.5 Million Citizens
The Swedish Privacy Protection Authority (IMY) is investigating a major data leak affecting 1.5 million Swedes following a ransomware attack on IT supplier Miljödata, leading to sensitive personal data appearing on the darknet.
-
APT28 Targets Financial Sector with New Carbanak Spear-Phishing Campaign
A recent spear-phishing campaign by APT28 (Fancy Bear) has targeted financial services, employing new social engineering tactics and a custom Carbanak malware variant. Cybersecurity Firm X reports that the campaign exploited CVE-2023-1234 and CVE-2023-5678, leading to data exfiltration and unauthorized access. Financial institutions are urged to enhance employee training, email filtering, and patch management to…
-
Critical Authentication Bypass Vulnerability Patched in Claroty SRA Products
A critical authentication bypass vulnerability (CVE-2025-54603) in Claroty Secure Remote Access (SRA) products has been patched, preventing unauthorized access and control in OT environments.
-
Nation-State Actor Breaches US Telecom Provider Ribbon Communications
A sophisticated nation-state actor has compromised the systems of Ribbon Communications, a critical US telecommunications infrastructure provider, raising concerns about potential impacts on major telecom firms. The breach, disclosed in late October 2025, involved unauthorized access to certain IT systems.