Envoy Air confirmed it was targeted in a Clop-linked campaign exploiting vulnerabilities in Oracle E-Business Suite. While the airline asserts no passenger data was affected, business records may have been stolen. This write-up breaks down the tactics, likely exploited CVEs, impacts, and what organizations must do next.
A new campaign runs a clever tech support scam by hijacking Microsoft’s trusted branding. Victims encounter fake emails, CAPTCHA checks, browser-locking overlays, and a bogus phone “helpdesk” all designed to steal credentials or remote access. This article breaks down how the scam works, real indicators, and how you can defend yourself.
Security researchers uncovered multiple vulnerabilities in Microsoft’s BitLocker encryption, exposing Windows systems to data theft, privilege escalation, and bypass attacks. This article analyzes the flaws, their potential impact, and how organizations can secure encrypted drives against exploitation.
Security researchers discovered that Huddle01, a decentralized video-call platform, exposed sensitive user data through an open Kafka server. The leak included email addresses, wallet IDs, and IP metadata raising privacy concerns for blockchain-linked users.
Capita’s £14 million penalty for its 2023 data breach affecting 6.6 million people shows how detection without swift response leads to disaster. This in-depth breakdown explores the incident, lessons for CISOs, and the rising cost of regulatory failures.
CISA has flagged CVE-2025-54253, a maximum-severity (CVSS 10.0) vulnerability in Adobe Experience Manager (AEM), as already under active attack. The root cause lies in how the /adminui/debug servlet misinterprets user-supplied OGNL expressions as Java code without authentication or validation. This flaw lets unauthenticated attackers execute system commands remotely. In this article, you’ll get the full technical breakdown, threat scenarios, detection strategies, mitigation plans, and best practices specific to AEM deployments.
In early 2025, China-linked APT group Jewelbug infiltrated a Russian IT service provider, operating undetected for months. The campaign demonstrates the evolution of Chinese espionage and the rising threats to supply chain integrity across borders.
Instagram’s latest overhaul introduces PG-13-level restrictions for teen accounts. Under the update, users under 18 will have tighter filters, limited searches, and parental approval requirements for more open settings.
Attackers behind the ClickFix campaign registered over 13,000 unique domains to execute browser-based malware through fake CAPTCHA lures and clipboard tricks. This breakdown reveals their infrastructure, tactics, and defenses every security team must implement.
The UK now endures four nationally significant cyber attacks every week. Here’s the verified picture behind the surge, the sectors feeling the pressure, why the threat curve steepened, and how security teams should respond without delay.