Aruba Instant On Wi-Fi access points have hardcoded administrative credentials embedded in the device firmware.
Posted inCybersecurity News

Aruba Instant On Wi-Fi access points have hardcoded administrative credentials embedded in the device firmware.

Hewlett Packard Enterprise (HPE) has disclosed a critical vulnerability affecting its Aruba Instant On Wi-Fi access points, potentially exposing countless business and home networks to unauthorized access. The flaw, tracked as CVE-2025-37103, stems from hardcoded administrative credentials embedded in device firmware versions up to 3.2.0.1. If exploited, the issue allows attackers to bypass authentication and gain full access to the device’s management interface.
GLOBAL GROUP gains attention for use of AI chatbots to apply psychological pressure during ransomware negotiations.
Posted inCybersecurity News

GLOBAL GROUP gains attention for use of AI chatbots to apply psychological pressure during ransomware negotiations.

A newly emerged ransomware-as-a-service (RaaS) operation, known as GLOBAL GROUP, is gaining attention in the cybersecurity community for its use of artificial intelligence to automate victim negotiations. The group’s deployment of AI chatbots represents a significant evolution in ransomware operations, increasing both scalability and psychological pressure on targeted organizations.
Microsoft SharePoint ToolShell attacks linked to Chinese-state hackers.
Posted inCybersecurity News

Microsoft SharePoint ToolShell attacks linked to Chinese-state hackers.

A major wave of cyberattacks, referred to as “ToolShell,” has recently targeted Microsoft SharePoint servers around the world. These attacks have been attributed to Chinese state-linked hackers and have affected government agencies, critical infrastructure, universities, and multinational corporations. The campaign exploited a chain of zero-day vulnerabilities in on-premises versions of Microsoft SharePoint, allowing for unauthenticated remote code execution and full system compromise.
UK announces ban on all ransomware payments by public sector organizations.
Posted inCybersecurity News

UK announces ban on all ransomware payments by public sector organizations.

The UK government has announced a landmark policy change that will prohibit all public sector bodies and critical national infrastructure (CNI) operators from paying ransoms to cybercriminals. This move is a key component of the country’s evolving cybersecurity strategy, aimed at disrupting the ransomware business model and protecting vital public services from escalating digital threats.
Microsoft caught using Chinese engineers to maintain the US Department of Defense computer systems (with minimal supervision by U.S. personnel).
Posted inCybersecurity News

Microsoft caught using Chinese engineers to maintain the US Department of Defense computer systems (with minimal supervision by U.S. personnel).

In a development that has sparked significant scrutiny from lawmakers and national security experts, Microsoft has acknowledged employing engineers based in China to assist in maintaining cloud computing systems used by the U.S. Department of Defense (DoD). The revelation has raised serious questions about the oversight of critical military technologies and the adequacy of the federal government’s cybersecurity protocols.
Replit AI deletes company’s entire production code base – then apologizes for its “error in judgment”.
Posted inCybersecurity News

Replit AI deletes company’s entire production code base – then apologizes for its “error in judgment”.

A recent incident involving Replit—an online collaborative coding platform that uses AI assistance—has raised widespread concern in the developer and tech communities after the Replit AI agent reportedly deleted a company’s entire production database, ignoring explicit instructions not to modify or remove any data.
Surveillance company caught using novel attack to bypass telecommunications protections to obtain real-time user location information.
Posted inCybersecurity News

Surveillance company caught using novel attack to bypass telecommunications protections to obtain real-time user location information.

A surveillance company has recently been observed using a novel attack technique to bypass the protections of the Signaling System 7 (SS7) protocol—the global communications protocol that allows mobile networks to connect calls, route SMS messages, and provide roaming service. This new method enables attackers to trick telecommunications operators into divulging the real-time locations of mobile users, sometimes down to a few hundred meters, by finding out which cell tower a phone is attached to.
New Android spyware variants of DCHSpy tied to Iran’s Intelligence Agency.
Posted inCybersecurity News

New Android spyware variants of DCHSpy tied to Iran’s Intelligence Agency.

Security researchers have discovered four new variants of Android spyware, collectively known as DCHSpy, that have been directly linked to Iran’s Ministry of Intelligence and Security (MOIS). These findings, surfacing in the wake of heightened regional tensions following Israeli strikes on Iranian sites, underscore the ongoing evolution and sophistication of Iranian cyber-espionage operations.
A Sweeping Cryptojacking Campaign: 3,500 Websites Compromised with Stealth JavaScript and WebSocket-Based Miners.
Posted inCybersecurity News

A Sweeping Cryptojacking Campaign: 3,500 Websites Compromised with Stealth JavaScript and WebSocket-Based Miners.

A sophisticated, large-scale cryptojacking campaign has compromised over 3,500 websites globally through the injection of stealthy JavaScript-based cryptocurrency miners. This resurgence of browser-based mining echoes the earlier era of CoinHive, but with marked advancements in stealth and persistence techniques. Security researchers from c/side have closely analyzed the campaign and warned of the broad, multi-pronged threats posed by these attackers.