CVE-2025-10547: DrayOS WebUI Flaw Allows Hackers Full Control
CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.
Tag: breach
Read More
Hackers Breach Intelliloan, Expose SSNs and Driver’s Licenses
Intelliloan has notified customers of a March 2025 hack that exposed sensitive PII such as Social Security numbers, driver’s licenses, and financial data across its systems.
Red Hat, GitHub Cyberattack Exposes Customer Information
Hackers breached Red Hat and GitHub in coordinated attacks and stole customer data, underscoring risks even in widely trusted development platforms.
Confidential Computing Fails: Battering RAM Attack Succeeds
Researchers developed a $50 memory interposer, dubbed “Battering RAM,” that can bypass Intel SGX and AMD SEV-SNP confidential computing protections by manipulating memory paths.
New MatrixPDF Attack Weaponizes PDFs for Phishing Campaigns
Researchers have uncovered a new cybercriminal toolkit called MatrixPDF, designed to transform normal PDF files into weapons for phishing and malware delivery. This toolkit lowers the barrier for attackers. In fact, it provides ready made templates that let even inexperienced hackers craft PDF lures capable of bypassing security filters. As a result, phishing campaigns become…
Harrods Warns Customers of Data Breach Involving Third-Party Provider
Harrods informed loyalty program members of a data breach tied to a third-party provider. The luxury retailer is investigating and urging customer caution.
CISA Confirms Federal Agency Breached via Critical GeoServer Flaw
CISA has confirmed hackers breached a U.S. federal agency by exploiting CVE-2024-36401, a critical flaw in GeoServer. Attackers used web shells, brute force, and lateral movement to persist in the network. CISA warns agencies to patch quickly and strengthen defenses.