Critical Vulnerability in KerioControl Firewalls Puts Thousands of Systems at Risk
A dangerous security flaw in GFI KerioControl firewalls allows attackers to remotely execute code and potentially take control of affected systems. Over 23,800 exposed instances are at risk across multiple countries, with active exploitation attempts already detected from Asia.
Critical SonicWall Firewall Vulnerability Requires Immediate Patching
SonicWall has disclosed a high-severity authentication bypass flaw in SonicOS that threatens SSL VPN and SSH management functions. The company has released urgent patches and mitigation guidance for affected firewall models to prevent potential exploitation.
PowerSchool Data Breach Exposes Sensitive Student Records in Major Education Platform Attack
PowerSchool, a leading K-12 education software provider, confirms unauthorized access to its Student Information System resulting in theft of sensitive student and teacher data. The company took the unusual step of paying a ransom in exchange for data deletion, highlighting a shift toward data theft-focused cyberattacks.
Inside the Professional Crime Machine: A Day with Elite Voice Phishing Operators
Modern voice phishing crews operate with military precision, utilizing sophisticated tools and tactics to target wealthy victims. With structured roles and meticulous planning, these cybercriminal enterprises can steal millions through elaborate social engineering schemes.
White House to Launch Smart Device Security Label Program in 2025
The U.S. government is introducing the Cyber Trust Mark program to help consumers identify secure IoT devices through QR code labels. Similar to Energy Star ratings, the initiative will require devices to meet NIST cybersecurity standards and receive certification from approved testing administrators.
Chinese Vessel Suspected in Strategic Taiwan-US Undersea Cable Sabotage
A Chinese-linked cargo ship is under investigation for deliberately damaging a critical undersea internet cable connecting Taiwan and the US, raising regional security concerns. The incident follows similar cases of suspected cable sabotage and comes amid increasing cyberattacks targeting Taiwan's infrastructure.
Critical Security Flaw in Popular WordPress Backup Plugin Threatens Millions of Sites
A severe vulnerability discovered in UpdraftPlus WordPress plugin puts over 3 million websites at risk of code execution attacks. The high-severity flaw affects all versions up to 1.24.11 and requires immediate updating to the patched version.
AI-Powered Cyber Threats Set to Cause $10.5 Trillion in Damages by 2025
Artificial intelligence is transforming cybersecurity threats, with sophisticated phishing and ransomware attacks specifically targeting small and medium businesses. Organizations must adopt multi-layered defense strategies as AI-driven attacks become increasingly harder to detect and more financially devastating.
Cryptocurrency Mining Malware Infiltrates Home Server Through Exposed Docker Container
A cybersecurity researcher's personal server was hijacked by Kinsing malware after briefly exposing a Docker database container online. The incident highlights critical security lessons for home server administrators and the growing sophistication of threats targeting personal networks.
Voltage Glitch Attack Cracks 'Unhackable' Raspberry Pi Chip, Claims $20K Bounty
Engineer Aedan Cullen breached the RP2350 microcontroller's security through an innovative voltage manipulation technique, accessing protected memory despite multiple security layers. The hack exposed critical vulnerabilities in hardware-based security measures and may earn Cullen a $20,000 bounty.