Search results for: “law enforcement”
-
Finnish Authorities Detain Crew and Seize Vessel After Undersea Cable Severed: Aggravated Sabotage Probe Uncovers Sanctioned Cargo
Finnish authorities detained 14 crew aboard the Fitburg cargo ship after a critical undersea cable linking Helsinki to Estonia was severed on New Year’s Eve. Two crew members—Russian and Azerbaijani nationals—face arrest on aggravated sabotage charges, while investigators discovered sanctioned Russian steel in the vessel’s cargo. A second cable operated by Arelion also failed the…
-
Tokyo FM Data Breach Claims 3 Million Records Exposed
On January 1, 2026, an attacker announced access to Tokyo FM Broadcasting Co., Ltd.’s internal systems, claiming to have exfiltrated 3 million listener and employee records. The dataset reportedly includes personal identifiers (names, emails, IP addresses), behavioral data (user agents), authentication tokens, and employment information. Tokyo FM has not yet issued public confirmation or customer…
-
Roundcube CVE-2025-68461: SVG XSS Vulnerability Enables Silent Email Account Takeover Through Malicious Animate Tags
Roundcube Webmail contains a Cross-Site Scripting vulnerability (CVE-2025-68461, CVSS 7.2) that enables attackers to hijack email accounts by sending malicious SVG files. The flaw exploits improper sanitization of SVG animate tags to execute JavaScript in victim browsers, granting full account access without credentials. Security patches are available for versions 1.5.12 and 1.6.12, but deployment lags…
-
IBM API Connect CVE-2025-13915: Critical Authentication Bypass Affecting Enterprise API Gateways at Major Financial and Telecom Organizations
IBM API Connect (CVSS 9.8) authentication bypass allows remote attackers to completely bypass login mechanisms and gain unauthorized access to centralized API gateways serving banks, airlines, and telecommunications companies. Affects versions 10.0.8.0-10.0.8.5, 10.0.11.0, 10.0.15.0 with no evidence of active exploitation yet.
-
MongoDB MongoBleed CVE-2025-14847: Unauthenticated Memory Leak Under Active Exploitation
A critical pre-authentication memory disclosure vulnerability in MongoDB allows attackers to leak heap memory without credentials. With 87,000+ vulnerable instances globally and active exploitation confirmed, CISA has mandated patches for Federal agencies by January 19, 2026.
-
Belgian data trader fined for illegal resale of data
The Belgian data trader Infobel has been hit with a €40,000 fine by the Belgian Data Protection Authority (GBA) for illegally reselling personal data for marketing purposes. The GBA found Infobel lacked proper consent from individuals, violating GDPR and emphasizing specific, active consent for data use.
-
Unnamed APT Exploits Zero-Days in Citrix and Cisco, Targeting Critical Infrastructure
An unnamed advanced persistent threat (APT) group exploited zero-day vulnerabilities in Citrix NetScaler ADC and Gateway, dubbed “CitrixBleed 2,” and a critical flaw in Cisco Identity Service Engine (ISE). The attacks targeted essential identity and network access control infrastructure.
-
UK Online Safety Push Sparks Transatlantic Free Speech Clash
A contentious legal battle is unfolding across the Atlantic, as the United Kingdom’s communications regulator, Ofcom, faces accusations of extraterritorial overreach in its enforcement of the Online Safety Act against American online platforms, reigniting a global debate on internet sovereignty and free speech.
-
What Is Bring Your Own Vulnerable Driver (BYOVD)?
Bring Your Own Vulnerable Driver (BYOVD) is a technique that leverages signed but vulnerable drivers to gain kernel-level access and evade security controls.