Report finds sophisticated network of 17,000 fake news websites used to promote investment fraud.
Posted inCybersecurity News

Report finds sophisticated network of 17,000 fake news websites used to promote investment fraud.

A new report from cybersecurity firm CTM360 has uncovered a vast and sophisticated network of more than 17,000 fake news websites fueling investment fraud on a global scale. The findings, detailed in CTM360’s “BaitTrap” report, highlight the growing threat posed by these so-called Baiting News Sites (BNS), which have been identified in over 50 countries.
Italian authorities have apprehended a suspected key member of China’s state-sponsored cyberespionage group, Silk Typhoon.
Posted inCybersecurity News

Italian authorities have apprehended a suspected key member of China’s state-sponsored cyberespionage group, Silk Typhoon.

Italian authorities have detained Xu Zewei, a 33-year-old Chinese national, at Milan Malpensa Airport on July 3, 2025, following an international warrant issued by the United States. Xu, also known by the aliases Zavier Xu and David Xu, is suspected of being a key member of Silk Typhoon—also known as Hafnium—a notorious Chinese state-sponsored cyberespionage group.
Cybersecurity community raises alarms over RondoDox and its sophisticated exploitation of TKB DVRs and Four-Faith routers.
Posted inCybersecurity News

Cybersecurity community raises alarms over RondoDox and its sophisticated exploitation of TKB DVRs and Four-Faith routers.

A newly discovered botnet, dubbed RondoDox, is raising alarms across the cybersecurity community due to its sophisticated exploitation of vulnerabilities in TBK digital video recorders (DVRs) and Four-Faith routers. By targeting these often-overlooked devices, RondoDox is able to conscript large numbers of endpoints into its network, using them to launch powerful distributed denial-of-service (DDoS) attacks. Researchers say the botnet’s advanced evasion techniques and destructive persistence mechanisms mark a significant escalation in the threat landscape for IoT and networked device security.
Decade-old critical buffer overflow vulnerability in open-source Multi-Router Looking Glass (MRLG) is being actively exploited in the wild.
Posted inCybersecurity News

Decade-old critical buffer overflow vulnerability in open-source Multi-Router Looking Glass (MRLG) is being actively exploited in the wild.

A critical buffer overflow vulnerability, identified as CVE-2014-3931, was discovered in Multi-Router Looking Glass (MRLG), a widely used network diagnostic tool, more than a decade ago. This flaw affects MRLG versions prior to 5.5.0 and poses a significant security risk, as it allows remote attackers to execute arbitrary code, potentially compromising the integrity and security of affected systems. CISA today added it to the CISA Known Exploited Vulnerabilities (KEV) Catalog indicating widespread exploitation is taking place.
The threat landscape for macOS users has shifted dramatically with the latest evolution of the Atomic macOS Stealer (AMOS).
Posted inCybersecurity News

The threat landscape for macOS users has shifted dramatically with the latest evolution of the Atomic macOS Stealer (AMOS).

The notorious Atomic macOS Stealer (AMOS) infostealer, previously known for its ability to exfiltrate sensitive data from Apple computers, now features a sophisticated backdoor component. This enhancement allows cybercriminals to maintain persistent, remote access to compromised systems, significantly increasing the potential for long-term exploitation.
CISA says multiple vulnerabilities in Synacor Zimbra Collaboration Suite (ZCS) are being widely exploited.
Posted inCybersecurity News

CISA says multiple vulnerabilities in Synacor Zimbra Collaboration Suite (ZCS) are being widely exploited.

The popularity of Synacor Zimbra Collaboration Suite (ZCS) has made it a frequent target for cyberattacks, particularly those exploiting Server-Side Request Forgery (SSRF) vulnerabilities. SSRF flaws can allow attackers to manipulate the server into making unauthorized requests to internal or external systems, potentially exposing sensitive data or enabling further exploitation such as remote code execution (RCE). Today, CISA added CVE-2019-9621 (an SSRF vulnerability in ZCS) to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation.
Splunk issues a series of security advisories highlighting multiple critical vulnerabilities.
Posted inCybersecurity News

Splunk issues a series of security advisories highlighting multiple critical vulnerabilities.

Splunk has released a series of vulnerability advisories for July 2025. These advisories, identified as SVD-2025-0712 through SVD-2025-0701, highlight important security updates and address several vulnerabilities across Splunk’s product suite. Below, we provide a comprehensive overview of these advisories, their impact, and recommended actions for Splunk administrators and security professionals.
Sam Altman confirms GPT-5 will combine OpenAI’s top models to create a single “magic” unified intelligence.
Posted inCybersecurity News

Sam Altman confirms GPT-5 will combine OpenAI’s top models to create a single “magic” unified intelligence.

OpenAI has officially confirmed that GPT-5 will consolidate the capabilities of its various AI models into a single, unified system. This represents a significant shift in the company's approach to AI development, moving away from the current fragmented model ecosystem toward what CEO Sam Altman calls "magic unified intelligence".