Tag: communications
-
Broadcom Extends Reach and Scope of Cybersecurity Portfolio
Tags: ai, communications, compliance, conference, cybersecurity, framework, intelligence, technology, update, vmware, zero-trustBroadcom today added a slew of cybersecurity updates, including a technology preview of an update to VMware vDefend that secures communications between artificial intelligence (AI) agents, promising to improve overall resiliency and automate compliance workflows. Announced at the VMware Explore 2025 conference, the update to vDefend introduces a zero-trust framework for AI agents. Additionally, Broadcom..…
-
Hackers Exploit SendGrid to Steal User Login Credentials in Latest Attack
Tags: attack, cloud, communications, credentials, cyber, cybersecurity, defense, email, exploit, hacker, login, phishing, serviceCybersecurity researchers at the Cofense Phishing Defense Center (PDC) have uncovered a fresh surge in credential harvesting attacks that leverage the reputable cloud-based email service SendGrid to distribute phishing emails. Attackers are exploiting SendGrid’s trusted status, commonly used for transactional and marketing communications, to craft messages that evade standard email security gateways. By spoofing sender…
-
Why satellite cybersecurity threats matter to everyone
Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/brett-loubert-deloitte-satellite-cybersecurity-threats/
-
Nuance Agrees to Pay $8.5M to Settle MOVEit Hack Litigation
Tags: communications, data, exploit, flaw, hacker, healthcare, microsoft, moveIT, software, zero-daySettlement Is Latest Among Scores of Other MOVEit Lawsuits Still Pending. Nuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software’s MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance’s healthcare clients.…
-
System Shocks? EV Smart Charging Tech Poses Cyber-Risks
Trend Micro’s Salvatore Gariuolo talks with the Black Hat USA 2025 News Desk about how the new ISO 15118 standard for electric vehicle smart charging and vehicle-to-grid communications can be weaponized by threat actors. First seen on darkreading.com Jump to article: www.darkreading.com/iot/ev-smart-charging-cyber-risks
-
New Research Reveals Security Vulnerabilities Linked to Popular VPN Apps
Researchers have uncovered deceptive practices among major VPN providers, linking seemingly independent entities into three distinct >>families
-
New Sni5Gect Attack Targets 5G to Steal Messages and Inject Payloads
Tags: 5G, attack, communications, cyber, cybersecurity, framework, infrastructure, malicious, technology, vulnerabilityCybersecurity researchers at Singapore University of Technology and Design have unveiled a sophisticated new attack framework calledSNI5GECTthat can intercept 5G communications and inject malicious payloads without requiring a rogue base station. The research demonstrates significant vulnerabilities in the current 5G infrastructure that could allow attackers to crash devices, downgrade connections, and steal user identities from…
-
UK’s Colt hit by cyberattack, support systems offline amid ransom threat
Tags: api, attack, china, communications, cve, cyberattack, data, data-breach, exploit, finance, flaw, group, infrastructure, Internet, microsoft, network, programming, ransom, rce, remote-code-execution, russia, service, software, threat, update, vulnerabilitywith samples on a Russian Tor site.”We’ve seen already this year that telecom is particularly vulnerable to attacks, and I think this WarLock attack highlights some recurring issues that telecom and large-scale network service providers are starting to see,” said Gabrielle Hempel, Security Operations Strategist at Exabeam. “There’s this operational ripple effect when you’re a…
-
ShinyHunters Claims BreachForums Seized by Law Enforcement, Now a Honeypot
Tags: authentication, breach, communications, cyber, data, hacking, infrastructure, law, privacy, threatThe threat actor known as ShinyHunters has publicly disclosed what they claim is a covert seizure of BreachForums, a notorious online platform used for trading stolen data and discussing illicit hacking activities. According to ShinyHunters’ announcement, the forum’s core infrastructure, including its official Pretty Good Privacy (PGP) key used for cryptographic authentication and secure communications,…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic.Details of the vulnerabilities dubbed 2TETRA:2BURST were presented at the Black Hat USA First seen on…
-
Finland charges captain of suspected Russian ‘shadow fleet’ tanker for subsea cable damage
In a statement on Monday, Finland’s National Prosecution Authority said they had brought aggravated criminal mischief and aggravated interference with communications charges against the three senior officers aboard the Eagle S, a tanker registered in the Cook Islands. First seen on therecord.media Jump to article: therecord.media/finland-charges-captain-russia-ghost-fleet-undersea-cable
-
Wikipedia’s operator loses challenge to UK Online Safety Act rules
Although the U.K.’s High Court of Justice dismissed the foundation’s challenge, it said it would revisit the case if the organization was classified as category 1 by Ofcom, the country’s communications regulator, later this year. First seen on therecord.media Jump to article: therecord.media/wikipedia-loses-challenge-online-safety-act-uk
-
Schwachstellen in Überwachungssystemen von Axis erlaubt Angreifern Kamera-Feeds einzusehen und über den Netzwerkzugang Code auszuführen
Die Sicherheitsforscher von Team82, der Forschungsabteilung des Spezialisten für die Sicherheit von cyberphysischen Systemen (CPS) Claroty, haben vier Schwachstellen in Videoüberwachungsprodukten von Axis Communications entdeckt. Werden diese kombiniert, erhalten Angreifer Zugriff auf Systemebene im internen Netzwerk und sind in der Lage, Kameras zu kontrollieren: Feeds können gekapert, beobachtet und/oder abgeschaltet sowie Remote-Code auf den Geräten…
-
Windows RPC Protocol Exploited to Launch Server Spoofing Attacks
A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server spoofing attacks. The flaw, designated CVE-2025-49760, enables unprivileged users to masquerade as legitimate system services and potentially escalate privileges or steal sensitive credentials. Security researcher SafeBreach uncovered the vulnerability through…
-
Windows RPC Protocol Exploited to Launch Server Spoofing Attacks
A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server spoofing attacks. The flaw, designated CVE-2025-49760, enables unprivileged users to masquerade as legitimate system services and potentially escalate privileges or steal sensitive credentials. Security researcher SafeBreach uncovered the vulnerability through…
-
Axis Camera Server Vulnerabilities Expose Thousands of Organizations to Attack
Claroty’s Team82 research unit has unveiled four vulnerabilities affecting Axis Communications’ widely deployed video surveillance ecosystem, potentially endangering thousands of organizations worldwide. These flaws, centered on the proprietary Axis.Remoting communication protocol, enable pre-authentication remote code execution (RCE) on key components such as Axis Device Manager (ADM) and Axis Camera Station. Axis, a leading Swedish provider…
-
Axis Security Camera Flaws Enable Remote Takeover
4 Bugs Affecting at Least 6,500 Camera Servers Enable Pre-Auth Attacks on Devices. Researchers who uncovered four severe flaws in Axis Communications’ video management and camera software say thousands of internet-connected surveillance systems are vulnerable to remote attacks. Attackers can execute arbitrary code without authentication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/axis-security-camera-flaws-enable-remote-takeover-a-29149
-
Germany’s top court holds that police can only use spyware to investigate serious crimes
The plaintiffs argued that a 2017 rules change enabling law enforcement to use spyware to eavesdrop on encrypted chats and messaging platforms could unfairly expose communications belonging to people who are not criminal suspects. First seen on therecord.media Jump to article: therecord.media/germany-spyware-limitations-court-rules
-
6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.”The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view…
-
6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.”The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view…
-
#BHUSA: Security Researchers Uncover Critical Flaws in Axis CCTV Software
Claroty researchers have uncovered four vulnerabilities in a proprietary protocol used by surveillance equipment manufacturer Axis Communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bhusa-critical-flaws-axis-cctv/
-
Jury Holds Meta Accountable in ‘Landmark’ Privacy Decision
Verdict Says Meta Tracked Consumers’ Sensitive Data in Flo Health App. A federal jury found that Meta violated California privacy laws by eavesdropping and recording confidential communications without the consent of millions of consumers who used Flo Health’s fertility app embedded with Meta’ software development tools and tracking pixels. First seen on govinfosecurity.com Jump to…
-
Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens
Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling libraries. The campaign, first reported on July 18, 2025, utilizes a typosquatted domain, npnjs.com, to mimic legitimate npm communications and trick developers into surrendering their authentication tokens. This multi-stage operation begins with automated emails scraped…
-
Attackers Target Legacy Code in TeleMessage’s Signal Clone
Multiple US Government Agencies Have Used the Now-Patched Message Archiving App. Attackers are actively attempting to exploit a vulnerability that exists in older versions of the Signal message app clone TeleMessage TM SGNL, built by Smarsh to keep copies of all communications, including the ability to comply with federal record-keeping requirements. First seen on govinfosecurity.com…