Blog – Page 434 – Cyber Mike

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks.
The vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an

MuddyWater’s DarkBit ransomware cracked for free data recovery

Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang’s encryptors, allowing them to recover a victim’s files for free without paying a ransom. […]

Chrome Sandbox Escape Earns Researcher $250,000

A researcher has been given the highest reward in Google’s Chrome bug bounty program for a sandbox escape with remote code execution.

The post Chrome Sandbox Escape Earns Researcher $250,000 appeared first on SecurityWeek.

Managing the Trust-Risk Equation in AI: Predicting Hallucinations Before They Strike

New physics-based research suggests large language models could predict when their own answers are about to go wrong — a potential game changer for trust, risk, and security in AI-driven systems.

The post Managing the Trust-Risk Equation in AI: Predicting Hallucinations Before They Strike appeared first on SecurityWeek.

‘Chairmen’ of $100 million scam operation extradited to US

The U.S. Department of Justice charged four Ghanaian nationals for their roles in a massive fraud ring linked to the theft of over $100 million in romance scams and business email compromise attacks. […]

Connex Credit Union Data Breach Impacts 172,000 People

Hackers targeted Connex, one of the largest credit unions in Connecticut, and likely stole files containing personal information.

The post Connex Credit Union Data Breach Impacts 172,000 People appeared first on SecurityWeek.

⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More

This week, cyber attackers are moving quickly, and businesses need to stay alert. They’re finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to data theft or even taking control of your systems. The clock is ticking—if defenses aren’t updated regularly, it could lead to serious damage. The

Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft

A researcher has demonstrated how a platform used by over 1,000 dealerships in the US could have been used to hack cars.

The post Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft appeared first on SecurityWeek.

6 Lessons Learned: Focusing Security Where Business Value Lives

The Evolution of Exposure Management
Most security teams have a good sense of what’s critical in their environment. What’s harder to pin down is what’s business-critical. These are the assets that support the processes the business can’t function without. They’re not always the loudest or most exposed. They’re the ones tied to revenue, operations, and delivery. If one goes down, it’s more than a

Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada

WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies.

The post Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada appeared first on SecurityWeek.

Cyber News