Security researchers warn that hackers are exploiting a critical vulnerability in Wing FTP Server to gain control of affected systems. The vulnerability identified as CVE-2025-47812 can allow remote code execution at the root level due to a null byte and Lua injection issue, according to Huntress researchers. Huntress researchers noticed …
Read More »
Cybersecurity researcher Jeremiah Fowler found an unsecured database with 245,949 records, reported to vpnMentor. It likely belonged to a tax credit consulting agency and contained personal information such as PII, driver’s licenses, military discharge forms, Social Security numbers, and other sensitive documents. The database was unprotected and held 245,949 records …
Read More »
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a significant increase in their activities. The FBI has announced that the cybercriminal group UNC3944 is now targeting the airline industry using advanced social engineering to attack major carriers. This alert …
Read More »
A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly from ‘Verizon USA’. The author marked this information as ‘2025’, hinting at a possible new data breach. Sensitive information revealed includes names, birth dates, tax IDs, addresses, and phone numbers. …
Read More »
Unidentified hackers are targeting exposed Microsoft Exchange servers to inject harmful code into login pages and steal credentials. Positive Technologies published an analysis last week revealing two types of JavaScript keylogger code on the Outlook login page. Those that save collected data to a local file accessible over the internet …
Read More »
A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication by taking advantage of Google’s “app-specific password” feature. Google’s Threat Intelligence Group reported that from April to early June, an operation pretended to be US State Department officials in emails, …
Read More »
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC) software, indicating a potential test for a larger operation. This report details SuperCard, a malicious version of NFCGate, made for sharing NFC data between two nearby devices. Cybercriminals have exploited …
Read More »
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal information, social security numbers, and other sensitive data. The publicly exposed database was not password-protected or encrypted. It contained 170,360 records with a total size of 116.24GB. The dataset features …
Read More »
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel’s IKE affecting UDP port 500. The attack centers around CVE-2023-28771, a high-severity remote code execution vulnerability (CVSS 9.8) affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500. Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On …
Read More »
WestJet, Canada’s second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the breach. “WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users,” reads a security advisory on WestJet’s site. “We …
Read More »
InfoSecBulletin Cybersecurity for mankind