Proof-of-Concept Released for SysAid On-Premise

In March 2025, SysAid released updates addressing XML (extensible markup language) external entity vulnerabilities and an OS command injection vulnerability in its on-premise platform. SysAid is an IT service management platform. Cyber Security firm watchTowr Labs has released proof-of-concept exploit Read More …

Android fixes 47 vulnerabilities, including one zero-day – update as soon as you can!

Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. Read More …

MicroDicom Releases DICOM Viewer Software Update

The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability found in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format. Read More …

Lampion Is Back With ClickFix Lures

Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors. This campaign was orchestrated by the threat actors behind Lampion malware, an infostealer that focuses on sensitive Read More …

Top ticket resale platform hit by data breach

Ticket reselling platform Ticket To Cash kept an unprotected database online, exposing sensitive information on hundreds of thousands of customers, experts have warned. The database was discovered by cybersecurity researcher Jeremiah Fowler, who managed to get in touch with the Read More …

Hundreds of top ecommerce sites under attack following Magento supply chain flaw

Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately Read More …

TeleMessage, a modified Signal clone used by US government officials, has been hacked

A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, Read More …

Kidnappers in France target cryptocurrency entrepreneurs for ransom

French police rescued the father of a wealthy cryptocurrency entrepreneur in a nighttime raid after he was taken hostage for ransom, the latest alleged criminal effort in France to extort people involved in the management of digital assets. The man Read More …

Scattered Spider hacking group allegedly behind cyber-attacks on Marks & Spencer

The culprit behind the M&S cyber attack is still a matter of investigation but speculation has pointed to a group called Scattered Spider. Also called UNC3944, Octo Tempest or Muddled Libra, Scattered Spider is a hacking group comprised of hackers Read More …