CISA has added three crucial security flaws to its KEV catalog, highlighting vulnerabilities in AMI MegaRAC, D-Link routers, and FortiOS (hardcoded credentials).

On Wednesday, June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three significant security flaws to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities are actively being exploited in the wild and pose serious risks to affected systems.

Energy sector is being targeted with malware that exploits Microsoft’s ClickOnce deployment on AWS cloud services.

A sophisticated hacking campaign dubbed “OneClik” is exploiting Microsoft’s ClickOnce deployment technology and AWS cloud services to stealthily target organizations in the energy, oil, and gas sectors. Attackers initiate the attack through phishing emails containing links to fake “hardware analysis” sites hosted on Azure Blob Storage. These sites deliver a ClickOnce manifest (.application file) disguised as legitimate software.

Hundreds of misconfigured MCP servers (used to connect LLMs with third-party services) have exposed critical security flaws.

Hundreds of Model Context Protocol (MCP) servers used to connect LLMs with third-party services, data sources, and tools contain critical security flaws in their default configurations. These vulnerabilities expose users to unauthorized operating system command execution, data breaches, and systemic compromise. Below is a detailed analysis of the risks and mitigation strategies.

Researchers discover new wave of malicious npm (Node Package Manager) packages planted by North Korean state-sponsored actors.

Cybersecurity researchers have recently identified a new wave of malicious npm (Node Package Manager) packages tied to the ongoing “Contagious Interview” operation, which is attributed to North Korean state-sponsored threat actors. This campaign specifically targets software developers who are actively seeking employment, leveraging the trust and routine practices of the tech hiring process.

Researchers find old OAuth vulnerabilities continue to threaten thousands of SaaS applications.

Recent research reveals that despite being disclosed in June 2023, the nOAuth vulnerability continues to threaten thousands of SaaS applications. Semperis’s June 2025 findings indicate that over 15,000 enterprise SaaS apps remain exposed to this authentication flaw in Microsoft Entra ID, enabling attackers to hijack user accounts with minimal effort.

Newly emerged ransomware group, Dire Wolf, has already claimed 16 victims in just one month.

Dire Wolf is a newly emerged ransomware group first observed in May 2025, already making a significant impact with targeted attacks against organizations worldwide. As of late June 2025, the group has claimed at least 16 victims across 11 countries, with the United States, Thailand, and Taiwan among the most affected nations. The group’s primary targets are in the manufacturing and technology sectors, but its reach is global and expanding.

G DATA researchers observe surge in malware infections via Authenticode stuffing originating from ConnectWise clients.

Since March 2025, cybersecurity researchers—most notably from G DATA—have observed a surge in malware infections originating from ConnectWise clients. These infections are linked to a sophisticated technique called Authenticode stuffing, which allows attackers to trojanize legitimate software and deploy malware while bypassing traditional security checks.

WinRAR releases patch to address a directory traversal vulnerability that enabled attackers to execute arbitrary code.

WinRAR has recently addressed a critical directory traversal vulnerability identified as CVE-2025-6218, which could allow attackers to execute arbitrary code on affected systems. The vulnerability was discovered by security researcher “whs3-detonator” and reported through Trend Micro’s Zero Day Initiative.

SAP has patched two critical vulnerabilities in its SAP GUI input history feature, which could potentially expose sensitive data.

SAP has addressed two significant vulnerabilities in its Graphical User Interface (SAP GUI) input history feature, affecting both the Windows and Java versions of the client. These flaws, tracked as CVE-2025-0055 and CVE-2025-0056, posed a risk of sensitive data exposure due to insecure local storage of user input history.

Mainline Health Systems and Select Medical Holdings disclose breaches impacting more than 200,000 customers.

Mainline Health Systems, a nonprofit healthcare provider based in Arkansas, disclosed a major data breach affecting 101,104 individuals. The incident occurred on or about April 10, 2024, but was only confirmed after a detailed investigation concluded on May 21, 2025. The breach involved unauthorized access to the organization’s network, resulting in the exposure and potential theft of sensitive personal and health information.