Scattered Spider’s Strategic Hunt: Is Your Industry Next?

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Introduction In April 2025, a single phone call didn’t just ‘help crash’ Marks & Spencer’s...

Time-Bin Encoded Quantum Key Distribution over 120 Km with a Telecom Quantum Dot Source

Quantum key distribution QKD with deterministic single photon sources has been demonstrated over intercity fiber and free-space channels. The previous implementations relied mainly on polarization encoding schemes, which are susceptible to birefringence, polarization-mode dispersion and...

AZL-64068 CVE-2025-4748 affecting package erlang for versions less than 25.3.2.21-2

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

VulnCheck KEV: CVE-2025-32433

Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution RCE. By exploiting a flaw in how SSH protocol...

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. T...

SafeCOMM: What about Safety Alignment in Fine-Tuned Telecom Large Language Models?

Fine-tuning large language models LLMs for telecom tasks and datasets is a common practice to adapt general-purpose models to the telecom domain. However, little attention has been paid to how this process may compromise model safety. Recent research has shown that even benign fine-tuning can...

The vulnerability of theOTP library set in the Erlang programming language lies in the lack of control over the data entered by users. This allows attackers to trigger a service failure.

The vulnerability of theOTP library in the Erlang programming language is related to the lack of control over the data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...

SK Telecom Uncovers Two-Year Malware Attack, Leaking 26M IMSI Records

SK Telecom reveals malware intrusion that remained hidden for nearly two years, led to the leaking of 26.69…...

CVE-2024-30567

An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality...

CVE-2024-9088

A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used...

CVE-2024-26157

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response t...

CVE-2024-26154

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages...

CVE-2024-26155

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...

CVE-2024-26156

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client...

CVE-2023-42738

In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2023-42743

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2023-42741

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2023-42745

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2023-42736

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2023-42748

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...