CVE-2025-10547: DrayOS WebUI Flaw Allows Hackers Full Control
CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.
A WhatsApp API flaw allowed researchers to enumerate 3.5 billion accounts by abusing weak rate-limiting in the contact-discovery endpoint, exposing global phone-number mappings and public profile metadata that adversaries could weaponize for large-scale phishing, impersonation and SIM-swap attacks.
Zimbra Collaboration’s RSS feed parser has a newly disclosed SSRF vulnerability (CVE-2025-25065). Attackers can abuse it to access internal endpoints and internal services that should remain isolated. This article explains how the flaw works, its potential impact, and how you can defend your environment.
Russia is attempting to weaponize Starlink by acquiring terminals through illicit channels and using them for battlefield communications. This in-depth report examines how Russian units exploit the system, how SpaceX responds, and why satellite networks are becoming critical wartime assets.
Hackers have corrupted trusted antivirus software installers, injecting malicious code that installs hidden malware instead of legitimate protection.
Security researchers warn that this supply chain compromise could expose enterprises and consumers to large-scale remote control and data theft.
A subtle messaging protocol flaw allows attackers to track WhatsApp and Signal users in real time and silently drain device batteries using delivery receipt side-channels. This deep-dive explains how the attack works, why metadata matters, and what users and platforms must do next.
Hackers have leaked data stolen from Qantas Airways after the airline missed a ransom deadline. The leak includes customer identifiers, flight data, and communication logs. Authorities are working with ACSC and AFP Cybercrime Operations to contain exposure and verify authenticity.
Actors on underground forums are now selling a turnkey ransomware toolkit named MonoLock v1.0 designed to target small and medium organisations, disable backups, encrypt data at scale via AES-256/RSA-2048, and demand payment through an automated Tor portal. Security teams must recognise this shift in the ransomware-as-a-service (RaaS) business model and reinforce detection, defence and incident response accordingly.
A college student has been sentenced to four years in federal prison for orchestrating a PowerSchool cyberattack that compromised sensitive education data. The case highlights growing concerns over insider-driven breaches targeting school information systems.
Business email compromise drains budgets with executive spoofing and invoice fraud. This practical Microsoft 365 guide shows nine rules that actually stop BEC: tuned anti-phish and impersonation, Safe Links and Safe Attachments, SPF/DKIM/DMARC, phishing-resistant MFA with Conditional Access, external sender tags, mailbox hygiene, attack simulation, and a short incident playbook.