A total of five serious security flaws have been identified within the Ingress NGINX Controller for Kubernetes, potentially leading to unauthenticated remote code execution (RCE), with over 6,500 clusters susceptible on the public internet. These vulnerabilities, cataloged as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, have been collectively named IngressNightmare. Each flaw carries a high severity rating (CVSS score of 9.8)
As cybersecurity threats continue to evolve, the rapid emergence of VanHelsing in the ransomware landscape has captured the attention of experts and industry watchers alike. Launched on March 7, VanHelsing has already made a significant impact, demonstrating advanced tactics and an impressive level of sophistication. With ransomware operators consistently developing new strategies and expanding their reach, VanHelsing’s meteoric rise signifies
The Federal Communications Commission (FCC) has launched an investigation into whether companies linked to the People’s Republic of China are continuing to operate and sell prohibited equipment in the United States, despite being listed on the agency’s “covered list” of potential security risks. This action follows a series of cyber intrusions targeting U.S. telecommunications firms in the current year and
Researchers from GreyNoise have identified active exploitation of CVE-2025-24813, a remote code execution (RCE) vulnerability in Apache Tomcat web server software. This critical flaw, disclosed on March 10, affects several versions of Apache Tomcat, including versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. Following the public disclosure of a proof-of-concept exploit on a Chinese forum, there were
The realm of cross-border payments has long been plagued by inefficiencies, delays, and high costs that impede global trade and financial transactions. In an era where seamless and instantaneous transactions are vital for businesses operating on an international scale, RTGS.global and TransferMate have forged a significant partnership to address and resolve these longstanding issues. This collaboration aims to streamline and
Oracle Cloud is currently facing serious allegations of a significant security breach that has potentially affected numerous tenants. CloudSEK, a cybersecurity firm, has reported that around six million records may have been extracted due to an undisclosed vulnerability within Oracle’s cloud infrastructure. However, Oracle has firmly denied any breach and maintains that its systems are secure. This situation has generated
Recent developments have thrust New York University’s (NYU) admissions process into the spotlight, following a significant cyber breach where a hacker posted disputed SAT, ACT scores, and GPAs segmented by race for the 2024 student cohort. This unprecedented data exposure has sparked widespread scrutiny and debate, particularly as the hacker claims the data reveals illegal race-based admissions practices. Several racial
How often do people use cash these days? This question might seem almost outdated as digital payments have become the norm, transforming how society handles money. The ease and efficiency of cashless transactions are appealing, but it’s essential to understand both the benefits and challenges of this monumental shift. A Transformation in How We Pay From local coffee shops to
Cloud-native ransomware attacks are becoming increasingly prevalent as more organizations migrate sensitive data to cloud storage solutions, often leaving extensive vulnerabilities exposed. The SANS Institute has recently highlighted this issue, warning that these attacks target sensitive data within cloud storage buckets. According to the Palo Alto Networks Unit 42 Cloud Threat Report, about 66% of cloud storage buckets contain sensitive
The landscape of cybersecurity is continuously evolving, with attackers leveraging increasingly sophisticated methods to compromise user systems. HP’s latest Threat Insights Report has illuminated a troubling rise in malicious CAPTCHA campaigns. These campaigns successfully deceive users into executing PowerShell commands that subsequently install the Lumma Stealer Remote Access Trojan (RAT). The increase in such attacks has been linked to users’
In today’s ever-evolving cybersecurity landscape, IT teams are constantly striving to protect their networks from unauthorized access and potential breaches. However, even with sophisticated tools in place, certain security risks are frequently overlooked. These vulnerabilities, often stemming from simple oversights, can have significant repercussions if left unaddressed. This article compiles crucial insights from over 10,000 internal network penetration tests highlighting
In a startling revelation, cybersecurity firm Kaspersky has reported a significant collaboration between two notorious threat clusters, Head Mare and Twelve, targeting Russian entities. The collaboration signals a new phase of cyber warfare, leveraging sophisticated tools and techniques to breach and compromise both state and private infrastructures. This article delves into the various methods employed by these clusters, their targets,
