Introduction: a cross-border takedown of a SIM-box CaaS platform European law enforcement has disrupted a cybercrime-as-a-service (CaaS) operation that rented out phone numbers from a vast SIM-box infrastructure to help criminals register and run tens of millions of fake online…
Introduction: what’s the problem? A critical misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on JEE, tracked as CVE-2025-54253 and rated CVSS 10.0, is being actively exploited in the wild. The flaw enables pre-authentication compromise of AEM Forms servers and…
Introduction — the problem in a nutshell Cisco IOS/IOS XE devices are under active attack via CVE-2025-20352, a stack overflow in the SNMP subsystem. Once exploited (with the required credentials), attackers can execute code as root and implant a stealthy…
Introduction: what happened Dairy Farmers of America (DFA)—a farmer-owned U.S. dairy cooperative—confirmed that a June 2025 cyberattack led to the exposure of personal data for 4,546 individuals, including employees and co-op members. Stolen data may include names, SSNs, driver’s license/ID…
Introduction: what’s vulnerable and why it matters Multiple file-parsing vulnerabilities in Fuji Electric V-SFT—the configuration/development software used to program MONITOUCH HMIs—can be triggered when an engineer opens a malicious V-SFT project file. Successful exploitation can lead to arbitrary code execution…
Introduction: A new spin on bulletproof hosting Google’s Threat Intelligence Group (GTIG) reports that a DPRK-linked cluster (UNC5342) is now using EtherHiding—a technique that stores second-stage malware inside public blockchain smart contracts on chains like BNB Smart Chain and Ethereum.…
Introduction: what happened Sotheby’s has disclosed a data breach following a July 24, 2025 intrusion in which an unknown actor removed files from the company’s environment. Subsequent review confirmed exposure of highly sensitive personal data—including full names, Social Security numbers…
Introduction: a zero-day chain from LFI to RCE Gladinet has released security updates for its CentreStack (and hosted equivalents) after researchers observed in-the-wild exploitation of a new bug tracked as CVE-2025-11371. The flaw is an unauthenticated Local File Inclusion (LFI)…
Introduction: what happened and why it matters Microsoft says it disrupted an ongoing ransomware operation by revoking more than 200 fraudulently used code-signing certificates tied to Vanilla Tempest (aka Vice Spider / Vice Society). The actor signed fake Microsoft Teams…