threatnote

 A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats.  The vulnerability, designated as CVE-2025-45080, affects…

[[{"value":"As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow.  The post Kelly Benefits Data Breach Impacts 550,000 People appeared first on…

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD

 A severe arbitrary file deletion vulnerability has been discovered in the popular Forminator WordPress plugin, affecting over 600,000 active installations worldwide.  The vulnerability, assigned CVE-2025-6463 with a high CVSS rating…

 A critical Remote Code Execution (RCE) vulnerability in Anthropic’s MCP Inspector tool, designated as CVE-2025-49596, has a severe CVSS score of 9.4.  This vulnerability represents one of the first critical…

 The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed comprehensive sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) services provider that enabled cybercriminal activities…

[[{"value":"A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared…

 A sophisticated new ransomware variant identified as DEVMAN has emerged from the DragonForce ransomware-as-a-service ecosystem, targeting both Windows 10 and Windows 11 systems with notable behavioral differences between operating system…

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well

[[{"value":"CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild. The post CISA Warns of Two Exploited TeleMessage Vulnerabilities  appeared first on…

[[{"value":"The International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack. The post Cyberattack Targets International Criminal Court appeared first on SecurityWeek."}]] Read More