A critical security vulnerability has been identified in the Commvault Command Center Innovation Release, specifically affecting version 11.38. Known as CVE-2025-34028, this vulnerability allows unauthenticated remote attackers to execute arbitrary code, potentially leading to a complete system compromise. The flaw arises from a path traversal vulnerability that enables malicious ZIP files to be uploaded and expanded within the system, resulting
The rise of cloud computing has revolutionized how businesses handle their data and workflows. However, it has also brought new security challenges, particularly regarding privilege escalation. This research delves into Google Cloud Composer’s security, exploring the risks associated with privilege escalation and reviewing the recently uncovered “ConfusedComposer” vulnerability. Background and Context Google Cloud Composer is a managed workflow orchestration service,
Recently, Gmail, one of the most widely used email services with billions of users globally, has come under attack from sophisticated phishing scams. These scams have successfully bypassed Google’s robust security measures, raising significant concerns among users. Recognizing the severity of these attacks, Google has issued an important update, providing guidelines to protect users against such threats. Understanding these steps
Recent months have seen an alarming uptick in the sophistication and audacity of Fog ransomware attacks, exposing new and unsettling tactics that have kept cybersecurity experts on high alert. Trend Micro revealed that throughout March and early April, new variants of the malware have emerged with ransom notes referencing the U.S. Department of Government Efficiency (DOGE) and even incentivizing insider
In the complex and ever-evolving world of cybersecurity, the activities of Lotus Panda, a China-linked cyber espionage group, have raised significant concerns as they have compromised multiple organizations across Southeast Asia. Between August 2024 and February 2025, Lotus Panda infiltrated entities, including a government ministry, an air traffic control organization, a telecoms operator, and a construction company. Most notably, the
Imagine carrying sensitive information around in your pocket, only to find out that it could be easily accessed by someone else. This unsettling scenario highlights a major security lapse identified within Samsung’s One UI system. Users have found, and Samsung has confirmed, that passwords copied to the clipboard on their devices are stored in plain text. The ramifications of this
The landscape of cybersecurity threats is constantly shifting, driven by the ingenuity of attackers and the vulnerabilities prevalent within systems. Recent incidents from the past week have shed light on how nation-state actors and emerging exploits are reshaping the threat environment. The complexity and persistence of these threats underscore the continuous evolution of tactics employed by cyber adversaries. Recent reports
The integration of artificial intelligence (AI) into the arsenal of cybercriminals has significantly increased the sophistication and success rate of cyber-attacks, posing a formidable challenge to traditional detection methods. As the technology landscape rapidly evolves, so do the tactics of malicious actors who blend AI with social engineering to exploit vulnerabilities in cybersecurity defenses. These developments have rendered conventional security
In today’s highly regulated sectors, such as healthcare, insurance, and financial services, the demand for robust security and compliance measures is more critical than ever. Ushur has strengthened its commitment to data protection and regulatory adherence by renewing its HITRUST r2 certification. Known for its Customer Experience Automation (CXA) platform powered by AI, Ushur offers advanced tools that ensure seamless
European diplomats are facing a new cyber threat, as the Russian nation-state actor known as Midnight Blizzard, also referred to as Cozy Bear or APT29, has launched a phishing campaign targeting their systems. Midnight Blizzard, connected to Russia’s foreign intelligence service (SVR), is notorious for its espionage operations directed at governments and critical industries. This recent campaign uses sophisticated methods
A significant data breach has impacted Hertz Corporation due to vulnerabilities within the Cleo file transfer software. This incident, which took place between October and December 2024, involved the theft of sensitive personal data by an unauthorized third party. Hertz discovered the breach on February 10, 2025, and concluded its data analysis on April 2, revealing that over 3,400 Maine
A critical security vulnerability has been discovered in the Erlang/Open Telecom Platform (OTP) SSH implementation, arousing significant concern among security professionals and organizations reliant on this technology. Known as CVE-2025-32433, this flaw has garnered a maximum Common Vulnerability Scoring System (CVSS) score of 10.0, unmistakably indicating its severity and potential for exploitation. The vulnerability stems from the improper handling of
