Cyber Attack

CISA warns of CVE-2025-54253 in Adobe Experience Manager, allowing unauthenticated code execution—fix now for versions up to 6.5.23.0. Also, active CVE-2016-7836 in SKYSEA; learn how to secure your systems from these critical vulnerabilities.

New research reveals Telegram as the primary tool for 120+ hacktivist groups to plan DDoS strikes via 11,000 posts and hashtags-exposing worldwide targets. Learn to monitor threats, bolster DDoS defenses, and stay ahead of visible cyber tactics.

GreyNoise reports a 500% spike in attacks on Palo Alto GlobalProtect portals, with 2,200 unique IPs probing SSL VPNs via automated brute-force from US-heavy clusters. Dataset of credentials released; links to Cisco ASA scans suggest broader remote access threats—block IPs and monitor logs now.

Microsoft alerts on cybercriminals and state actors abusing Teams' messaging, calls, and sharing for full attack lifecycle—from reconnaissance with TeamsEnum to exfiltration via GraphRunner and extortion by Octo Tempest. Harden identities, monitor anomalies, and train users to mitigate.

Jammu Cyber Police cracks ₹4.44 crore online fraud, nabbing three Surat suspects for "digital arrest" scam that coerced a businessman via fake law enforcement threats using Aadhaar/SIM data. FIR under IT Act & BNS filed; report scams to 1930 helpline to stay safe.

A hacker alleges stealing Huawei's source code, dev tools, scripts, and manuals in a major breach, offering them on dark web forums—echoing past espionage fears from U.S. warnings, Vodafone backdoors, and NSA hacks. Investigation ongoing amid global security risks.

LayerX uncovers CometJacking, exploiting Perplexity’s AI browser via malicious URLs to steal Gmail/Calendar data—tricks AI into Base64-encoded exfiltration, bypassing safeguards. Urgent call for AI security-by-design amid rising agentic threats.

CVE-2025-43400 enables out-of-bounds writes via malicious fonts, risking app crashes and memory corruption on macOS, iOS, and more—no active exploits yet, but RCE potential. Update to Sequoia 15.7.1 immediately for protection against untrusted files.

The 2026 FIFA World Cup's 48 teams, 104 matches across Canada, Mexico, and USA heighten cyber risks from ransomware and hacktivists, targeting tech-reliant infrastructure. Experts urge collaboration, stable CISA funding, and daily best practices to secure the event.

Check Point uncovers Iranian-aligned Nimbus Manticore's (UNC1549) spear-phishing campaign hitting defense, telecom, and aviation in Denmark, Sweden, Portugal. Fake job portals deliver MiniJunk backdoor and MiniBrowse stealer via advanced DLL side-loading—boost phishing defenses now.