A critical vulnerability has been identified in the SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) related to pre-authentication deserialisation of untrusted data. This vulnerability poses a significant security risk because, under specific conditions, it could allow…
A significant security vulnerability exists in Cacti, a popular network monitoring tool. This flaw allows authenticated users to exploit the graph creation and template functionalities, potentially leading to the execution of arbitrary PHP scripts within the application’s web root. Affected…
Cybercriminals are increasingly targeting VMware ESXi appliances, leveraging SSH tunneling to establish covert persistence and deploy ransomware on compromised systems, according to cybersecurity experts from Sygnia. VMware ESXi serves as a bare-metal hypervisor that allows multiple virtual machines to operate…
Cybersecurity experts have uncovered a sophisticated cyberattack campaign utilising a malware loader dubbed “MintsLoader” to deliver harmful payloads, including the StealC information stealer and an open-source platform called BOINC. This campaign has primarily targeted critical sectors such as energy, legal…
The U.S. Department of Justice (DOJ) announced charges on Thursday against five individuals involved in a fraudulent scheme. The defendants helped North Korean nationals pose as remote IT workers, generating revenue for the North Korean government. Key Defendants and Charges…
DeepSeek-R1-671B, a 671-billion-parameter Mixture-of-Experts (MoE) model with 37B activated parameters per token, has emerged as a compelling open-source alternative to OpenAI’s proprietary APIs. Early benchmarks reveal its edge in mathematical reasoning (97.3% MATH-500 accuracy vs. GPT-4-o1’s 96.8%) and coding efficiency…
PayPal has been fined $2 million by New York State’s Department of Financial Services (NYDFS) for exposing customers’ personal information, including Social Security numbers, due to inadequate cybersecurity controls. The fine, announced on Thursday, comes after an investigation by the…
UnitedHealth Group revealed on Friday that a cyberattack targeting its technology subsidiary, Change Healthcare, exposed the personal information of approximately 190 million individuals. This incident ranks as the largest healthcare data breach in U.S. history. Ransomware Attack Disrupts Claims Processing…
Microsoft has warned that outdated on-premises Exchange servers are no longer able to automatically apply emergency mitigations for high-risk vulnerabilities due to a change in Office Configuration Service (OCS) certificates. The announcement underscores the importance of keeping Exchange servers updated…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of a long-standing security flaw in the widely-used jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. The vulnerability, designated as…