A malicious file was discovered in the downloads section of Xubuntu.org, the official website of the Ubuntu distribution featuring the Xfce desktop environment. The counterfeit installer, disguised as “Xubuntu — Safe Downloader,” was designed...
The South Korean government has officially confirmed a cyberattack on the nation’s key infrastructure—two months after the incident occurred. According to the report, attackers gained access to the Onnara document management system, used by...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that a vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, is already being actively exploited in real-world attacks. Classified as a...
The Everest ransomware group has claimed responsibility for the attack on Collins Aerospace, which caused widespread disruption of passenger check-in systems across major European airports in September. The attackers allege they gained access to...
The Israeli company NSO Group, best known for developing the Pegasus spyware, has officially lost its right to interact with WhatsApp and its users. A U.S. federal court has granted Meta’s lawsuit, imposing a...
A total of 269,000 F5 BIG-IP devices have been found exposed to remote access on the internet, despite the company’s recent admission of a large-scale compromise of its infrastructure. The discovery was made by...
Since the disclosure of two critical vulnerabilities in 7-Zip, the situation has escalated sharply: functional proof-of-concept exploits are now publicly available that reproduce attacks by altering extraction paths and injecting arbitrary files. This elevates...
The Google Project Zero team has disclosed a critical vulnerability in the Dolby DDPlus Unified Decoder that permits remote arbitrary code execution on Android devices without any user interaction. Tracked as CVE-2025-54957, the flaw...
The Chinese Ministry of State Security (MSS) has announced the uncovering of “irrefutable evidence” pertaining to a cyber-attack targeting the National Time Service Center (NTSC), the institution entrusted with maintaining the standard Beijing Time....
European law enforcement agencies executed a sweeping operation, codenamed SIMCARTEL, successfully dismantling an international criminal infrastructure that supplied virtual telephone numbers to fraudsters. According to Europol, this illicit service was instrumental in perpetrating over...
The Asterisk development team has announced the release of Asterisk 23.0.0, now available for download on GitHub and the project’s official website. The new version addresses numerous user-reported bugs and introduces several enhancements aimed...
Microsoft has patched a critical vulnerability in the Kestrel web server for ASP.NET Core, tracked as CVE-2025-55315. Classified as an HTTP Request Smuggling flaw, it enables an authenticated attacker to “inject” additional requests into...
