Police arrested 270 suspects following an international law enforcement action codenamed ‘Operation RapTor’ that targeted dark web vendors and customers from ten countries. […]
Monthly Archives: May 2025
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers
22
May
May
Project Green Light, Google Research’s initiative to lower traffic emissions using AI, has expanded to 114 intersections throughout Boston.This technology uses AI and Go…
Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. […]
Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. […]
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). “The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher […]
The Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security failures that led to several data breaches since 2018. […]
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute […]
It’s not enough to be secure. In today’s legal climate, you need to prove it. Whether you’re protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions. Regulators and courts are now holding organizations accountable for how […]
Originally published by CheckRed. Written by Amardip Deshpande, Senior Security Researcher, CheckRed. In February, Angel One, one of India’s leading financial services platforms, disclosed a security breach stemming from unauthorized access to its Amazon Web Services (AWS) infrastructure. While no funds or client credentials were reportedly compromised, personal records of over 8 million users were put […]