Tag: communications
-
Germany’s top court holds that police can only use spyware to investigate serious crimes
The plaintiffs argued that a 2017 rules change enabling law enforcement to use spyware to eavesdrop on encrypted chats and messaging platforms could unfairly expose communications belonging to people who are not criminal suspects. First seen on therecord.media Jump to article: therecord.media/germany-spyware-limitations-court-rules
-
6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.”The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view…
-
6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.”The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view…
-
#BHUSA: Security Researchers Uncover Critical Flaws in Axis CCTV Software
Claroty researchers have uncovered four vulnerabilities in a proprietary protocol used by surveillance equipment manufacturer Axis Communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bhusa-critical-flaws-axis-cctv/
-
Jury Holds Meta Accountable in ‘Landmark’ Privacy Decision
Verdict Says Meta Tracked Consumers’ Sensitive Data in Flo Health App. A federal jury found that Meta violated California privacy laws by eavesdropping and recording confidential communications without the consent of millions of consumers who used Flo Health’s fertility app embedded with Meta’ software development tools and tracking pixels. First seen on govinfosecurity.com Jump to…
-
Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens
Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling libraries. The campaign, first reported on July 18, 2025, utilizes a typosquatted domain, npnjs.com, to mimic legitimate npm communications and trick developers into surrendering their authentication tokens. This multi-stage operation begins with automated emails scraped…
-
Attackers Target Legacy Code in TeleMessage’s Signal Clone
Multiple US Government Agencies Have Used the Now-Patched Message Archiving App. Attackers are actively attempting to exploit a vulnerability that exists in older versions of the Signal message app clone TeleMessage TM SGNL, built by Smarsh to keep copies of all communications, including the ability to comply with federal record-keeping requirements. First seen on govinfosecurity.com…
-
Cisco warns of another critical RCE flaw in ISE, urges immediate patching
Tags: access, ai, api, breach, cisco, communications, credentials, endpoint, exploit, flaw, network, radius, rce, remote-code-execution, risk, update, vulnerability, wifiFaster patching is needed: Barr is concerned about the flaw in finding N-day abuse. “While it’s positive that Cisco is transparent in disclosure and swift in releasing patches, the reality is that patching these types of vulnerabilities, especially in large, distributed enterprise environments, is not instantaneous,” he said. “Restart requirements and dependencies on high-availability setups…
-
New QR Code Attacks Through PDFs Bypass Detection and Steal Credentials
Tags: attack, communications, credentials, cyber, detection, email, exploit, intelligence, phishing, qrResearchers at Cyble Research and Intelligence Labs (CRIL) have uncovered an ongoing quishing campaign dubbed >>Scanception,
-
Massive Data Leak at Texas Adoption Agency Exposes 1.1 Million Records
Texas adoption agency suffers major data leak, exposing over 1.1M sensitive records including case notes, contact info, and internal communications to public without any security authentication or password. First seen on hackread.com Jump to article: hackread.com/massive-data-leak-texas-adoption-agency-million-records/
-
FCC wants to ban Chinese tech from undersea cables
The Federal Communications Commission said Wednesday that the ban will be part of a broader package of policies to encourage an expansion of submarine telecommunications infrastructure while protecting it from “foreign adversary threats.” First seen on therecord.media Jump to article: therecord.media/fcc-plans-to-ban-chinese-tech-undersea-cables
-
Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network
China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units…
-
GTT Extends Palo Alto Networks Alliance to Add Managed SASE Service
GTT Communications extended its alliance with Palo Alto Networks to include an additional managed secure access service edge (SASE) offering. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/gtt-extends-palo-alto-networks-alliance-to-add-managed-sase-service/
-
Rubio Impersonator Signals Growing Security Threat From Deepfakes
An impostor who posed as the secretary of state in text and voice communications with diplomats and politicians demonstrates the increased sophistication of and national security threat posed by the AI technology. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rubio-impersonator-growing-security-threat-deepfakes
-
Kritische Schwachstelle in Cisco Unified CM entdeckt
Tags: bug, cisco, communications, cyberattack, exploit, infrastructure, rce, remote-code-execution, risk, vulnerabilityBereits zum zweiten Mal in einer Woche muss Cisco eine Schwachstelle mit höchsten Schweregrad melden.Cisco meldete kürzlich eine Schwachstelle mit höchster Schweregradbewertung (CVSS 10 von 10) in seinen Produkten Unified Communications Manager (Unified CM) und Session Management Edition (Unified CM SME). Die betroffenen Lösungen sind Kernkomponenten der TK-Infrastruktur und werden in Behörden, Finanzinstituten und großen…
-
Static Credentials Flaw Patched in Cisco Systems
Flaw Exposes Remote Privilege Escalation Risk. Cisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/static-credentials-flaw-patched-in-cisco-systems-a-28899
-
Protecting Your Business Communications: The Critical Role of Secure Email Gateways
Email is still the backbone of how businesses communicate, with more than 300 billion messages sent every day…. First seen on hackread.com Jump to article: hackread.com/protecting-business-communications-secure-email-gateway/
-
Cisco Unified CM Vulnerability Lets Remote Attacker Gain Root Access
A newly disclosed, critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) has exposed organizations to the risk of full system compromise. Tracked as CVE-2025-20309 and assigned a maximum CVSS score of 10.0, the flaw allows unauthenticated remote attackers to gain root access using static, hardcoded SSH credentials that were inadvertently left in…
-
Cisco Issues Urgent Patch for Critical Unified CM Vulnerability (CVE-2025-20309)
Cisco has issued a new security advisory addressing a severe vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The flaw, now identified as CVE-2025-20309, carries the highest possible CVSS score of 10.0. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisco-patches-cve-2025-20309-vulnerability/
-
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.The vulnerability, tracked as CVE-2025-20309, carries a CVSS…
-
Cisco removed the backdoor account from its Unified Communications Manager
Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development. Cisco Unified Communications Manager (CUCM) is a call…
-
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threatThreat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.”Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
-
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/
-
Ghost in the Machine: A Spy’s Digital Lifeline
Tags: access, ai, attack, authentication, best-practice, cloud, communications, control, country, crypto, cyber, data, encryption, endpoint, framework, government, Hardware, identity, infrastructure, intelligence, jobs, law, linux, mfa, military, network, resilience, risk, software, spy, strategy, technology, threat, tool, vpn, windows, zero-trust -
Glasgow City Warns of Parking Fine Scam Amid Ongoing Cybersecurity Incident
Glasgow City Council has issued an urgent alert to drivers across the region following a surge in scam text messages targeting unsuspecting motorists with fraudulent demands for parking fine payments. The authority has confirmed that these deceptive communications, often embedded with malicious links, are part of a sophisticated phishing campaign designed to steal personal and…
-
Mitel’s New Channel Strategy Targets Hybrid Communications Expansion
First seen on scworld.com Jump to article: www.scworld.com/news/mitels-new-channel-strategy-targets-hybrid-communications-expansion