Cyber Security News

ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. “This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. “The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans,…

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the…

SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn’t. These platforms weren’t built with full-scale data

Data allegedly from Manhattan Parking Group has been leaked on a hacking forum. The listing claims that the breach occurred this month (June 2025). The data fields include: Customer ID, First Name, Last Name, E-mail, Cell Phone Number, Order Number, Company Code, Garage, Date From, Time From, Date To, Time To, Vehicle Type, Options, Vehicle…

Sharon Otterman reports: A potential cyberattack continued for a second day to cause widespread computer system outages at Columbia University on Wednesday as the school’s engineers worked to investigate the problem and restore service. The attack, which began in the early morning hours on Tuesday, initially shut down all systems on the school’s Morningside campus…

The 420.in reports: The Supreme Court recently upheld the Tamil Nadu government’s decision to invoke preventive detention laws against cybercriminals. Justices Sandeep Mehta and Joymalya Bagchi termed the move “a very welcome approach,” highlighting the urgent need to address the growing threat of online financial fraud through stronger, faster legal mechanisms. […] Preventive detention allows…

Adam Vidler reports: A former student has been charged over a series of cyber attacks on a Sydney university that affected hundreds of staff and students. Since 2021, Western Sydney University had suffered a series of cyber hacks involving unauthorised access, data exfiltration, system compromise and misuse of university infrastructure – including threatening the sale of student…

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. “In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to