630 matches found
Why Canadian Telecom Providers Are Prime Targets for Cyberattacks
Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure...
Threat actor abuse of AI accelerates from tool to cyberattack surface
For the last year, one word has represented the conversation living at the intersection of AI and cybersecurity: speed. Speed matters, but it’s not the most important shift we are observing across the threat landscape today. Now, threat actors from nation states to cybercrime groups are embedding...
CVE-2026-28029
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX EmojiNation emojination allows PHP Local File Inclusion.This issue affects EmojiNation: from n/a through = 1.0.12...
CVE-2026-28029
CVE-2026-28029 is a Local File Inclusion (LFI) vulnerability in the WordPress ThemeREX EmojiNation EmojiNation theme, due to improper control of the filename in PHP include/require statements. Affects EmojiNation versions from n/a up to and including 1.0.12. The Markdown-referenced sources descri...
Data Siphoning through Advanced Persistent Transmission Attacks at the Physical Layer
Data at the physical layer transmits via media such as copper cable, fiber optic, or wireless. Physical attack vectors exist that challenge data confidentiality and availability. Protocols and encryption standards help obfuscate but often cannot keep the data type and destination secure, with...
CVE-2024-44630
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009 , where "CL" stands for cluster and "STA" refers to...
The 5 generative AI security threats you need to know about detailed in new e-book
Generative AI is reshaping the way security teams operate—accelerating threat detection, automating workflows, and enabling scale. But as defenders embrace AI to strengthen their posture, cyberattackers are doing the same to evolve faster than traditional defenses can adapt. Microsoft’s 2025...
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications
Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends...
Salt Typhoon APT Group: What Public Sector Leaders and Defenders Should Know
The Rapid7 Threat Focus: Salt Typhoon report profiles one of the most sophisticated and persistent state-sponsored threat actors operating today. Salt Typhoon, a Chinese espionage advanced persistent threat APT group linked to the Ministry of State Security MSS, has spent years infiltrating globa...
Serious F5 Breach
This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a "sophisticated" threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a "long-term." Security researchers who have...
The CISO imperative: Building resilience in an era of accelerated cyberthreats
The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the Office of the Chief Information Security...
Inside the F5 Breach: What We Know and Recommended Actions
On October 15, 2025, F5 Networks disclosed a breach attributed to a sophisticated nation-state actor. In an SEC 8-K form also filed that same day, F5 confirmed unauthorized access to its internal development and knowledge-management systems dating back to August 9, 2025. Some source-code and...
Extortion and ransomware drive over half of cyberattacks
In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Defense Report, written with our Chief Information Security Officer Igor...
F5 Confirms Nation-State Breach, Source Code and Vulnerability Data Stolen
F5 has confirmed it was the victim of a state-sponsored cyberattack that allowed hackers to access its internal…...
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated...
EUVD-2014-7507
Malware in sbrugna...
EUVD-2006-1711
Malware in sbrugna...
US Disrupts Massive Cell Phone Array in New York
This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and...
Malicious code in hand-earn-nation (npm)
The package hand-earn-nation was found to contain malicious code...