Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Top Highlights
- Critical Vulnerability Alert: Hackers are exploiting a severe vulnerability in Citrix Netscaler, tracked as CVE-2025-5777, raising concerns of widespread cyber threats akin to previous ransomware attacks.
- Memory Overread Risk: This vulnerability, due to insufficient input validation, can lead to memory overread when Netscaler is used as a Gateway, posing significant security risks.
- Exploitation Activity Detected: Since June 26, 2023, there have been ongoing exploitation attempts for CVE-2025-5777, supported by findings from cybersecurity experts.
- Increased Scanning Reports: Researchers report a spike in scanning activity correlated with the release of proofs of concept from various research firms, indicating heightened threat…
Trend Micro uncovers the criminal playbook for deepfake-enabled cybercrime
Trend Micro Incorporated, a global cybersecurity leader, released a new report exposing the scale and maturity of deepfake-enabled cybercrime. As generative AI tools become more powerful, affordable, and accessible, cybercriminals are rapidly adopting them to support attacks, ranging from business fraud to extortion and identity theft. The report shows how deepfakes have moved beyond hype into real-world exploitation, undermining digital trust, exposing companies to new risks, and accelerating the business models of cybercriminals. David Sancho, senior threat researcher at…
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm). “Linked to the notorious Fox Kitten APT group and closely tied to the well-known Mimic ransomware, […] Pay2Key.I2P appears to partner with or incorporate Mimic’s capabilities,” Morphisec security researcher Ilia Kulmin said. “Officially, the group offers an 80% profit share (up from 70%) to…
FASTx joins CPG network to provide fractional healthcare leadership
CommonWealth Purchasing Group (CPG), the nation’s leading group purchasing organization for Community Health Centers and other community-based, nonprofit healthcare providers, announced a strategic partnership with FASTx Partners LLC, a mission-driven firm specializing in fractional executive leadership, consulting, and cybersecurity services. This collaboration will provide CPG’s member organizations with access to a unique team of experts equipped to strengthen clinical operations, optimize technology infrastructure, and drive population health improvement. FASTx Partners is redefining how health centers approach…
Quick Takeaways
- Arrests Made: The UK’s National Crime Agency arrested four individuals—two 19-year-olds, a 17-year-old, and a 20-year-old female—linked to cyberattacks on major retailers like Marks & Spencer, Co-op, and Harrods, resulting in significant disruptions.
- Charges and Investigation: The suspects face various charges, including Computer Misuse Act offenses and blackmail, with police confiscating electronic devices for further evidence. The NCA is prioritizing this investigation, signaling its seriousness.
- Impact on Retail: The attacks notably disrupted Marks & Spencer’s operations, leading to a $402 million (£300 million) loss in profit due to customer data breaches that required widespread password resets.
- Threat Group…
apexanalytix launches a powerful new capability for its Cyber Risk solution, enabling Risk and Information Security teams to rapidly collect third-party documentation, efficiently assess security postures, automatically align controls to NIST, CIS and ISO frameworks, and maintain continuous risk visibility. Customers adopting this capability can achieve up to an 87.5% reduction in Analyst time per supplier assessment, streamlining throughput while enhancing depth and accuracy. Configurable segmentation and risk multipliers allow clients to embed their own security policies and priorities into assessment workflows, ensuring each vendor is evaluated against the right criteria and reducing manual handoffs.
Essential Insights
- Vulnerability Discovery: Cybersecurity researchers have identified four critical vulnerabilities, termed PerfektBlue, in OpenSynergy’s BlueSDK Bluetooth stack, potentially allowing remote code execution (RCE) on vehicles from Mercedes-Benz, Volkswagen, Skoda, and at least one other unnamed manufacturer.
- Exploitation Potential: The vulnerabilities enable attackers within Bluetooth range to execute a one-click attack on in-vehicle infotainment (IVI) systems, potentially providing access to sensitive functions such as GPS tracking and engine control, depending on the vehicle’s internal architecture.
- Vulnerability Details: The four identified CVEs include:
  - CVE-2024-45434 (8.0) – Use-After-Free in AVRCP service
  - CVE-2024-45431 (3.5) – Improper validation of an L2CAP channel’s remote CID…
HCLSoftware, a global leader in enterprise software, has introduced HCL Domino 14.5, tailored specifically for governments and regulated industries prioritizing data privacy. This new release brings major upgrades to the Domino+ sovereign collaboration suite, notably featuring Domino IQ – an AI extension designed to uphold organizational data security and privacy. With Domino IQ, users can automate workflows, analyse data, and deploy AI models built internally or by trusted partners, ensuring complete control over their AI use. This aligns with compliance demands such as the European…
Essential Insights
- Vulnerabilities in AMD Processors: Microsoft researchers discovered four new transient execution vulnerabilities in AMD processors, prompting firmware updates and mitigations from AMD to prevent potential sensitive data leakage.
- US Sanctions Against North Korean Hacker: The US Treasury Department sanctioned Song Kum Hyok, linked to the hacking group Andariel, for orchestrating fake IT worker schemes that exploit American identities to generate revenue for North Korea.
- Security Breach in Docker Hub: A scan revealed 644 unique exposed secrets, including sensitive access tokens, across over 80,000 popular Docker Hub images, highlighting risks in container security.
- Escalating Cybersecurity Concerns: Fortinet’s report indicates…
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
Jul 11, 2025 | Ravie Lakshmanan | Cyber Attack / Vulnerability
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null (‘\0’) bytes in the server’s web interface, which allows for remote code execution. It has been addressed in version 7.4.4. “The user and admin web interfaces mishandle ‘\0’ bytes, ultimately allowing injection of arbitrary Lua code into user session files,” according to an advisory for the flaw on CVE.org. “This can be used to execute…