GitHub releases patches for vulnerabilities impacting multiple versions of GitHub Enterprise Server.

After a hunter scored a bounty in their bug bounty program, GitHub released patches addressing a high-severity remote code execution (RCE) vulnerability, tracked as CVE-2025-3509, that affected multiple versions of GitHub Enterprise Server. There is no indication that the vulnerability was exploited in the wild prior to patching.
Eight significant vulnerabilities were discovered in 742 printer devices from four different manufacturers, with one being unpatchable.

Researchers at Rapid7 have discovered eight significant security vulnerabilities affecting hundreds of printer models from Brother and other major vendors. In total, 742 device models across four vendors—Brother, Fujifilm Business Innovation, Ricoh, and Toshiba Tec Corporation—are impacted. The vulnerabilities primarily affect multifunction printers, but also include scanners and label makers.
SonicWall has issued a warning about a trojanized version of its NetExtender SSL VPN that is stealing user information.

SonicWall has issued an alert about an active campaign distributing a trojanized version of its NetExtender SSL VPN client designed to steal user information, specifically VPN credentials and configuration details. This fake NetExtender app closely mimics the legitimate version 10.3.2.27 but has been modified by threat actors to exfiltrate sensitive data to a remote server.
The computer hacker’s guide to the Russian language – how Russia’s language fits into cybercriminal campaigns.

English-speaking hackers employ several strategies to target Russian-language systems, leveraging technical evasion, linguistic deception, and collaborative networks. For instance, Russian malware often avoids infecting systems with Cyrillic language settings to bypass local law enforcement. English hackers exploit this by adding Russian registry keys to mimic language settings without full installation, installing virtual Russian keyboards to trigger malware’s geo-avoidance, and using scripts to set system locales to ru-RU (e.g., via Windows batch commands).
Army releases Unified Network Plan 2.0 and a new emphasis on zero-trust principles.

The Army Unified Network Plan 2.0 (AUNP 2.0) is the latest strategic framework guiding the modernization and integration of the U.S. Army’s information technology infrastructure to meet the demands of contemporary and future warfare. Released in March 2025, AUNP 2.0 builds directly on the foundation established by the original 2021 plan, which focused on unifying disparate Army networks under common standards, systems, and processes to reduce complexity and increase integration.
TAG-140’s DRAT V2 malware upgrade offers a substantial improvement over its initial version.

The new DRAT V2 variant raises significant concerns due to its enhanced operational capabilities, evolved targeting strategy, and improved evasion techniques, which collectively increase its threat to critical infrastructure and national security. DRAT V2 is the latest variant of the DRAT (Delphi Remote Access Trojan) malware, recently identified in a TAG-140 campaign targeting Indian government and critical infrastructure organizations. TAG-140, linked to the SideCopy subgroup and Transparent Tribe (APT36), is known for its evolving and diverse malware arsenal.
Trezor, the creator of hardware wallets, has issued a warning to its customers about a sneaky phishing campaign that uses their support portal.

Trezor, a leading manufacturer of hardware cryptocurrency wallets, has issued an urgent alert to its users about a sophisticated phishing campaign that abused its automated support system to send deceptive emails. Attackers exploited Trezor’s public contact form by submitting support requests using real users’ email addresses—likely obtained from previous data breaches—which triggered legitimate-looking automated replies from Trezor’s support system.
A newly discovered campaign, active since at least 2021, targeted 70 Microsoft Exchange servers worldwide using sophisticated keylogger malware.

A recent, significant cyberattack campaign has targeted over 70 Microsoft Exchange servers across 26 countries, with the aim of stealing user credentials using sophisticated keylogger malware. The attacks have been documented by cybersecurity researchers, particularly Positive Technologies, who identified two main types of keylogger code injected into the Outlook login pages of compromised servers.