Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights The Pennsylvania Attorney General's office has suffered a severe cyberattack that took its systems offline, including phone lines and email; staff are working to restore services and investigate the incident. No group has claimed responsibility, but the incident bears the hallmarks of a ransomware attack, and investigators have not yet confirmed the initial access vector. A critical vulnerability in Citrix NetScaler appliances, tracked as CVE-2025-5777, has been identified as a possible entry point; the same flaw has been linked to breaches of other critical organizations worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) has categorized the CVE-2025-5777 vulnerability as actively…
Fast Facts Critical Vulnerabilities Identified: Xerox's FreeFlow Core software has two critical vulnerabilities (CVE-2025-8356 and CVE-2025-8355) that could allow remote code execution and server-side request forgery, with CVSS scores of 9.8 and 7.5, respectively. Urgent Security Upgrade Advised: Users are urged to upgrade to FreeFlow Core version 8.0.5, which patches both flaws; both are easy to exploit. Discovery Through Customer Reports: Horizon3.ai found the issues while investigating unusual network activity reported by a customer. Risks from Printer Vulnerabilities: Print infrastructure is a significant security risk because it is typically granted broad network access to other systems, potentially enabling…
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks
Aug 13, 2025 | Ravie Lakshmanan | Malvertising / Cryptocurrency
Cybersecurity researchers have discovered a new malvertising campaign designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered and used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system access," Cisco Talos researchers Edmund Brumaghin and Jordyn Dunk said. "PS1Bot has been designed with stealth in mind, minimizing persistent artifacts left on infected systems and incorporating in-memory execution techniques to facilitate execution of follow-on modules without requiring them to be written to…
Quick Takeaways Manpower's Lansing, Michigan office reported a ransomware data breach affecting roughly 144,000 individuals; the intrusion has been traced to unauthorized network access between December 29, 2024, and January 12, 2025. The breach came to light after an IT outage on January 20, 2025, which led to the discovery that the attackers had stolen personal information while inside Manpower's network. A filing with the Maine Attorney General puts the number of affected individuals at 144,189, consistent with Manpower's own findings. Affected individuals are being offered free credit monitoring and identity theft protection. The RansomHub ransomware group claimed responsibility, listing Manpower on its site…
Essential Insights Fortinet's Critical Flaw: Fortinet issued 14 advisories, the most notable covering CVE-2025-25256, a critical vulnerability in FortiSIEM that allows unauthenticated remote code execution via malicious CLI requests; a proof-of-concept exploit is publicly available. High-Severity Vulnerabilities: Two high-severity issues are CVE-2025-52970, an authentication bypass in FortiWeb, and CVE-2024-26009, which lets an attacker who knows a FortiManager's serial number take control of managed devices via crafted FGFM requests. Ivanti's Security Advisories: Ivanti released three advisories, including high-severity remote code execution vulnerabilities in Ivanti Avalanche and flaws in Ivanti's secure access products that can lead to denial of service. Urgency for Patching: Both Fortinet and Ivanti urge customers to promptly…
Essential Insights Targeted Ransomware Campaign: A new ransomware family named Charon is targeting the public sector and aviation in the Middle East, using techniques more typical of advanced persistent threat (APT) groups, such as DLL side-loading and process injection. Advanced Evasion Tactics: Charon can terminate security services and delete backups, and it carries a "bring your own vulnerable driver" (BYOVD) component, apparently still under development, intended to disable endpoint detection, which points to sophisticated tooling. Sophisticated Attack Patterns: Victim-specific ransom notes indicate a targeted rather than opportunistic operation, and the tradecraft overlaps with that of the China-linked group Earth Baxia, though attribution remains uncertain. Increasing Ransomware Threats: The rise in…
Top Highlights Patch Overview: Microsoft's August 2025 Patch Tuesday updates address over 100 vulnerabilities, none known to be exploited in the wild, though one (CVE-2025-53779) was publicly disclosed before the patch. Critical Vulnerabilities: A dozen vulnerabilities are rated 'critical', including CVE-2025-53766, a Windows remote code execution flaw with a CVSS score of 9.8 that requires the user to open malicious content. Additional Risks: Other critical issues include CVE-2025-50165 (graphics component), CVE-2025-53740, and CVE-2025-53731 (both affecting Office), all of which allow remote code execution when a user opens crafted content. Exploitability Assessment: Microsoft rates exploitation of these vulnerabilities as 'less likely' or 'unlikely', indicating a…
Fast Facts Data Breach Overview: Allianz Life suffered a significant data breach exposing 2.8 million sensitive records belonging to business partners and customers, part of the ongoing Salesforce-targeted campaign by the ShinyHunters extortion group. Details of the Attack: The breach involved a third-party cloud-based CRM system and compromised personal information such as names, addresses, phone numbers, and Tax IDs, largely belonging to the company's 1.4 million customers. Extortion Tactics: ShinyHunters reportedly used social engineering to gain access to Salesforce instances, authorized a malicious OAuth app to export the databases, and then extorted Allianz by email. Threat Actor Dynamics: The incident highlights collaboration…
The biggest concern for security teams in Microsoft's August 2025 patch update — the second consecutive update with no actively exploited bugs — is several elevation-of-privilege (EoP) vulnerabilities that allow attackers to turn an initial foothold into total system compromise.

The August update contains fixes for 111 unique Common Vulnerabilities and Exposures (CVEs), of which as many as 44 (39%) are issues that attackers can use post-compromise to elevate privileges to admin level on a system, in many instances.

A Motley Collection of Flaws

Among them is a maximum severity vulnerability in Azure OpenAI, CVE-2025-53767 (CVSS score: 10.00), which organizations don't have to…
Summary Points Data Breach Overview: Manpower and its subsidiaries are notifying 144,189 individuals of a data breach that occurred between December 29, 2024, and January 12, 2025, during which personal information may have been stolen. Attack Details: The RansomHub ransomware group claimed responsibility for the breach, alleging it stole about 500GB of sensitive data, including personal details and corporate documents; the group later removed the entry from its dark web site, which may indicate a ransom payment. Company Response: Since the incident, Manpower has implemented additional security measures, is cooperating with the FBI, and is providing free credit monitoring and…