WinRAR releases patch to address a directory transversal vulnerability that enabled attackers to execute arbitrary code.
Posted inCybersecurity News

WinRAR releases patch to address a directory transversal vulnerability that enabled attackers to execute arbitrary code.

WinRAR has recently addressed a critical directory traversal vulnerability identified as CVE-2025-6218, which could allow attackers to execute arbitrary code on affected systems. The vulnerability was discovered by security researcher “whs3-detonator” and reported through Trend Micro’s Zero Day Initiative.
SAP has patched two critical vulnerabilities in its SAP GUI input history feature, which could potentially expose sensitive data.
Posted inCybersecurity News

SAP has patched two critical vulnerabilities in its SAP GUI input history feature, which could potentially expose sensitive data.

SAP has addressed two significant vulnerabilities in its Graphical User Interface (SAP GUI) input history feature, affecting both the Windows and Java versions of the client. These flaws, tracked as CVE-2025-0055 and CVE-2025-0056, posed a risk of sensitive data exposure due to insecure local storage of user input history.
Mainline Health Systems and Select Medical Holdings disclose breaches impacting more than 200,000 customers.
Posted inCybersecurity News

Mainline Health Systems and Select Medical Holdings disclose breaches impacting more than 200,000 customers.

Mainline Health Systems, a nonprofit healthcare provider based in Arkansas, disclosed a major data breach affecting 101,104 individuals. The incident occurred on or about April 10, 2024, but was only confirmed after a detailed investigation concluded on May 21, 2025. The breach involved unauthorized access to the organization’s network, resulting in the exposure and potential theft of sensitive personal and health information.
US Department of State will require all visa applications to set the privacy settings of their personal social media accounts to “public”.
Posted inCybersecurity News

US Department of State will require all visa applications to set the privacy settings of their personal social media accounts to “public”.

As of June 2025, the U.S. Department of State has introduced a new rule requiring all applicants for F, M, and J nonimmigrant visas to set the privacy settings of their personal social media accounts to “public” before submitting their visa applications. This policy is now in effect globally and impacts students, vocational trainees, and exchange visitors seeking to travel to the United States.
French authorities arrest five operators of the notorious BreachForums hacking forum.
Posted inCybersecurity News

French authorities arrest five operators of the notorious BreachForums hacking forum.

French authorities have arrested five individuals believed to be operators of the notorious BreachForums hacking forum, a major online marketplace for trading and leaking stolen data. The arrests were carried out by the cybercrime unit (BL2C) of the Paris police department on June 23, 2025, with simultaneous raids conducted in the regions of Hauts-de-Seine (Paris), Seine-Maritime (Normandy), and Réunion (overseas).
Microsoft’s Entra subscription management system has a gap that allows guests to transfer Azure subscriptions to external tenants. But don’t worry about it – Microsoft says it’s by design.
Posted inCybersecurity News

Microsoft’s Entra subscription management system has a gap that allows guests to transfer Azure subscriptions to external tenants. But don’t worry about it – Microsoft says it’s by design.

A significant gap in Microsoft Entra’s subscription handling allows guest users to create and transfer Azure subscriptions into external tenants they’re invited to while retaining full ownership. This design oversight enables privilege escalation and unauthorized persistence, bypassing standard access controls.
Cyber Fattah is on a tear. Breaches, and leaks, SQL dumps of thousands of highly sensitive records from Saudi Games.
Posted inCybersecurity News

Cyber Fattah is on a tear. Breaches, and leaks, SQL dumps of thousands of highly sensitive records from Saudi Games.

A significant data breach involving thousands of personal records from the Saudi Games, one of the largest national sporting events in Saudi Arabia, was recently disclosed. The breach is attributed to a pro-Iranian hacktivist group known as Cyber Fattah, which announced the leak on June 22, 2025, via its official Telegram channel. The stolen data was published as SQL dumps after unauthorized access to the phpMyAdmin backend of the Saudi Games 2024 registration platform.
Google Chrome 138 addresses 11 security vulnerabilities including a medium-severity vuln reported in their bug bounty program.
Posted inCybersecurity News

Google Chrome 138 addresses 11 security vulnerabilities including a medium-severity vuln reported in their bug bounty program.

Google has released Chrome 138, now rolling out as version 138.0.7204.49 for Linux and 138.0.7204.49/50 for Windows and macOS, bringing important security and feature updates to users. Chrome 138 addresses 11 security vulnerabilities, including several discovered and reported by external security researchers.
GitHub releases patches for vulnerabilities impacting mutliple versions of GitHub Enterprise Server.
Posted inCybersecurity News

GitHub releases patches for vulnerabilities impacting mutliple versions of GitHub Enterprise Server.

After a hunter scored a bounty in their bug bounty program, GitHub released patches addressing a high-severity remote code execution (RCE) vulnerability, tracked as CVE-2025-3509, that affected multiple versions of GitHub Enterprise Server. There is no indication that the vulnerability was exploited in the wild prior to patching.