-
Cybersecurity researchers have identified a potential connection between two Yemen-based cybercriminal organizations, the Belsen Group and ZeroSevenGroup, following an extensive investigation into their operational patterns and attack methodologies. The discovery comes amid growing concerns about sophisticated network intrusion campaigns targeting critical infrastructure and enterprise systems across multiple continents. The Belsen Group first emerged in January […] The post Researchers Uncover Link Between Belsen and ZeroSeven Cybercriminal Groups appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The emergence of the SystemBC botnet marks a significant evolution in proxy-based criminal infrastructure. Rather than co-opt residential devices for proxying, SystemBC operators have shifted to compromising large commercial Virtual Private Servers (VPS), enabling high-volume proxy services with minimal disruption to end users. In recent months, Lumen Technologies has observed an average of 1,500 newly […] The post SystemBC Botnet Hacked 1,500 VPS Servers Daily to Hire for DDoS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA issued a warning of two critical path traversal flaws in Delta Electronics’ DIALink industrial control system software. With a maximum CVSS v4 base score of 10.0, these vulnerabilities could be exploited remotely with low attack complexity to bypass authentication and gain unauthorized access to critical manufacturing environments. Delta Electronics Path Traversal Flaws Delta Electronics […] The post CISA Warns of Delta Electronics Vulnerabilities Let Attackers Bypass Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in HubSpot’s Jinjava template engine, potentially exposing thousands of websites and applications to remote code execution attacks. The flaw, tracked as CVE-2025-59340, carries the maximum CVS…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Since January, Trend Micro has tracked a surge in phishing campaigns using AI-powered platforms (Lovable, Netlify, Vercel) to host fake captcha pages that lead to phishing websites. This ploy misleads users and evades security tools. Victims are first …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Luxury jeweler Tiffany and Company has confirmed a data breach that exposed the personal information of 2,590 customers. The company discovered unauthorized access to an external system on September 9, 2025, but determined the incident first occur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as CVE-2025-10035, this vulnerability permits an unauthenticated attacker who can deliver a forged license response signature to trigger Java deserialization of attacker-supplied objects, potentially resulting in arbitrary command execution and full system compromise. Deserialization Flaw (CVE-2025-10035) GoAnywhere MFT’s […] The post Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
UK law enforcement agencies have arrested two individuals linked to the notorious Scattered Spider cybercriminal group. The arrests, announced on Tuesday, pertain to a sophisticated attack on London’s transport systems. Authorities say the suspects inf…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service) Manager API (CVE-2023-49564). With a CVSS 3.1 score of 9.6…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1. Tracked as CVE-2025-59340 and rated Critical with a CVSS v3.1 score of 10.0, the issue stems from JavaType‐based deserialization, enabling threat actors […] The post HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
