July 2025 – Page 45

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times.
The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025.
First released by 7finney in 2022, Ethcode is a VS Code extension that’s used to

SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover

SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise.

The post SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover appeared first on SecurityWeek.

Exploits, Technical Details Released for CitrixBleed2 Vulnerability

Researchers released technical information and exploit code targeting a critical vulnerability (CVE-2025-5777) in Citrix NetScaler.

The post Exploits, Technical Details Released for CitrixBleed2 Vulnerability appeared first on SecurityWeek.

Qantas Hit with Extortion Demand After Data Breach

The Australian airline says a cybercriminal attempted to extort it after customer data was stolen from a contact center.

The post Qantas Hit with Extortion Demand After Data Breach appeared first on SecurityWeek.

5 Ways Identity-based Attacks Are Breaching Retail

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about…
In recent months, major retailers like Adidas, The North Face, Dior, Victoria’s Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.
The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries.
These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia.
The activity, per cybersecurity vendor Kaspersky, has been active since July 2024.
“The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract,” the Russian company said. “The main goal of the

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of flaws is as follows –

CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which responsible for cyberattacks against American organizations and government agencies. […]

Month: July 2025