Topic: mitigation measures
-
FBI & CISA Alert: Rising Threat of Interlock Ransomware Attacks
The FBI and CISA warn of escalating Interlock ransomware attacks using double extortion, targeting critical infrastructure and businesses, with defensive measures provided. Interlock ransomware, active since late 2024, focuses on healthcare and other sectors, employing unconventional methods like...
Read More » -
Akira Ransomware Actively Exploits Critical SonicWall VPN Flaw
The Akira ransomware group is exploiting CVE-2024-40766, a known vulnerability in SonicWall VPN appliances, to breach unpatched corporate networks. Despite a patch being available since August 2024, incomplete updates and unchanged default credentials allow attackers to bypass security measures l...
Read More » -
IBM API Connect flaw exposes critical authentication bypass risk
A critical vulnerability (CVE-2025-13915) in IBM API Connect allows attackers to bypass authentication and gain unauthorized remote access, posing a high risk to sectors like finance and healthcare. IBM urges immediate patching to specific affected versions and advises disabling the Developer Por...
Read More » -
Microsoft fixes critical Office zero-day under active attack
Microsoft has urgently patched a critical, actively exploited zero-day vulnerability (CVE-2026-21509) in Office, which allows attackers to bypass security features by tricking users into opening malicious files. While patches are available for Office 2021, LTSC 2021/2024, and Microsoft 365, secur...
Read More » -
Cisco Patches Critical Zero-Day Flaw Actively Under Attack
Cisco has released critical security patches for 14 vulnerabilities in its IOS and IOS XE software, including a high-severity flaw (CVE-2025-20352) that has been actively exploited as a zero-day. The vulnerability is a stack overflow in the SNMP subsystem, affecting a wide range of devices, and c...
Read More » -
Russian Hackers Use ISO Files to Spread Phantom Stealer Malware
A new Russian-linked phishing campaign, Operation MoneyMount-ISO, uses a deceptive email chain with a ZIP/ISO file to bypass standard email filters and deploy Phantom Stealer malware. The malware employs sophisticated anti-analysis techniques to evade detection and steals a wide range of sensitiv...
Read More » -
Gladinet patches critical zero-day flaw in file-sharing software
Gladinet has released a critical security update for CentreStack to address CVE-2025-11371, a zero-day vulnerability that allowed attackers to bypass protections and execute remote code on systems. The flaw, discovered by Huntress, involved inadequate input sanitization enabling directory travers...
Read More » -
Critical React & Node.js Flaw Patched: Update Now (CVE-2025-55182)
A critical remote code execution vulnerability (CVE-2025-55182) affects React versions 19.0.0 through 19.2.0, requiring an immediate update to version 19.2.1. The flaw involves unsafe deserialization in React Server Components, impacting not only React but also major dependent frameworks like Nex...
Read More » -
Satellite Constellations Threaten Future Space Telescopes
The rapid growth of satellite constellations, projected to increase over thirtyfold, now seriously threatens space-based astronomy by marring images from orbital telescopes with numerous satellite streaks. Mitigation strategies like dark coatings that protect ground-based observations can ironica...
Read More »