A new report assesses that a technology and application research institute is likely a front organization for a national intelligence service. The institute and its subsidiary develop technologies like steganography, forensic tools, and penetration testing software that almost certainly support state-sponsored intelligence and military missions. Evidence for the connection includes personnel with clear links to the intelligence agency, the institute's proximity to the agency's headquarters, and its collaboration with a university run by the service. The group's research into steganography is particularly concerning, as this technique is used by state-sponsored hacking groups for covert communications and malware deployment. The report also highlights significant technology transfer risks, as the organization acquires and resells advanced software and hardware from foreign nations to support its operations.
A new ransomware collective, "Trinity of Chaos," linked to notorious groups like Lapsus$ and ShinyHunters, has launched a data leak site on the Tor network. The site lists 39 major global corporations, publishing previously undisclosed data from past breaches rather than claiming new attacks. The group is employing unusual extortion tactics, such as threatening to assist in litigation against victims like Salesforce unless a ransom is paid. Security researchers believe the data, allegedly totaling over 1.5 billion records, was likely obtained through stolen OAuth tokens and vishing attacks. Experts warn that the release of this massive trove of information could fuel widespread phishing campaigns, identity theft, and malicious AI-driven data mining.
A high-severity vulnerability, CVE-2025-27237, affects Zabbix Agent and Agent2 on Windows systems, enabling local privilege escalation. The flaw stems from the agent loading its OpenSSL configuration from a directory where low-privileged users can write files. An attacker can modify this configuration to inject a malicious DLL, which is then executed with SYSTEM-level rights when the agent service restarts. This grants the attacker full control over the compromised host. Zabbix has released patches for all affected versions and recommends administrators upgrade immediately to prevent potential system takeovers.
A critical vulnerability, tracked as CVE-2025-36604, has been discovered in Dell UnityVSA storage appliances. The flaw allows an unauthenticated attacker to execute arbitrary commands by exploiting improper sanitization in the login redirect logic. An attacker can embed malicious code in a URI, which is then executed by the system, granting them full control over the device. This could lead to data theft, configuration changes, or complete system compromise. Dell has released a patch in version 5.5.1 and strongly urges users of affected versions to upgrade immediately.
A national emergency management agency fired its CIO, CISO, and over 20 other staff members following a significant cybersecurity incident. Attackers reportedly used compromised credentials to breach a Citrix system, exfiltrating data from regional servers. The breach, which went undiscovered for weeks, is suspected to be linked to a widely exploited Citrix vulnerability. Officials stated the dismissals were due to incompetence and attempts to cover up severe security failures like a lack of multi-factor authentication. Following the incident, the agency mandated password changes and is restructuring its IT operations to address the security lapses.
A critical remote code execution vulnerability has been discovered in all versions of Redis Server that support Lua scripting. Tracked as CVE-2025-49844, the flaw is a use-after-free issue within the Lua scripting engine's garbage collection mechanism. Authenticated attackers can exploit this vulnerability by crafting a malicious Lua script to achieve arbitrary code execution with the privileges of the Redis server. The vulnerability has been assigned a CVSS score of 10.0, reflecting its critical severity and low attack complexity. While patches are still being developed, administrators are advised to mitigate the risk by using Access Control Lists to disable Lua script execution commands.
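One way to apply the ACL mitigation the Redis item describes, added here as an example that is not from the report or from Redis's own documentation; it shows the permissive default beside a hardened rule set in redis.conf syntax, and the user name app, the key pattern and the password are placeholders:

```conf
# Added example (not from the report): redis.conf ACL rules that remove the
# Lua scripting commands (EVAL, EVALSHA, SCRIPT, ...) from application users
# until a patched Redis build is deployed. Names and secrets are placeholders.

# Weak (this is what a stock Redis ships with): the default user needs no
# password, can touch every key and channel, and may run every command,
# including the whole @scripting category.
# user default on nopass ~* &* +@all

# Hardened: disable the default user entirely and define an explicit
# application user with a password, a limited key namespace and the
# @scripting category subtracted after the @all grant. ACL rules are applied
# left to right, so "+@all -@scripting" keeps everything except scripting,
# whereas "-@scripting +@all" would silently re-enable it.
user default off
user app on >REPLACE_WITH_STRONG_PASSWORD ~app:* &* +@all -@scripting

# Operators who still need scripting for maintenance get a separate,
# password-protected admin user rather than leaving it on for everyone.
user ops-admin on >REPLACE_WITH_DIFFERENT_STRONG_PASSWORD ~* &* +@all
```

Clients must now authenticate as app (AUTH app <password>) instead of relying on the default user; on Redis 7 or later, ACL DRYRUN app EVAL "return 1" 0 from redis-cli confirms that the scripting commands are denied for that user before the change goes live.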
A high-severity vulnerability has been disclosed in the Unity game engine, affecting versions from 2017.1 onward on major desktop and mobile platforms. The flaw could allow an attacker to execute malicious code and exfiltrate data from a user's machine through an affected game or application. In response, Unity has urged developers to take immediate action by updating their projects, and some game studios have temporarily removed titles from online stores as a precaution. While there is no evidence of active exploitation, platform partners have deployed mitigations to protect users. Unity has released patched editor versions and a binary patching tool to help developers secure their applications.
A zero-day vulnerability in Zimbra Collaboration Suite was actively exploited by threat actors using malicious iCalendar (.ICS) attachments. The flaw, a stored cross-site scripting issue, allowed attackers to execute arbitrary JavaScript when a victim viewed an email with the malicious calendar entry. This enabled the attackers to hijack user sessions, steal credentials, exfiltrate emails and contacts, and set up email forwarding rules. The sophisticated malware used evasion techniques, such as delaying its execution and hiding UI elements to remain undetected. Although the attack has not been attributed to a specific group, it targeted a military organization and used TTPs similar to known state-sponsored actors.
A critical local privilege escalation vulnerability in the widely used Sudo utility for Linux, tracked as CVE-2025-32463, is now being actively exploited. The flaw allows a low-privileged local user to gain full root access by abusing the chroot functionality in affected Sudo versions 1.9.14 through 1.9.17. A complete proof-of-concept exploit has been published, significantly increasing the risk of widespread attacks. Due to evidence of active exploitation, a national cybersecurity agency has added the vulnerability to its Known Exploited Vulnerabilities catalog. System administrators are urged to immediately update Sudo to a patched version, such as 1.9.17p1 or later, to mitigate the threat.
Oracle has issued an urgent security alert for a critical zero-day vulnerability in its E-Business Suite, tracked as CVE-2025-61882. The flaw allows for remote code execution without authentication, earning a maximum CVSS score of 9.8 and posing a severe risk to affected systems. It impacts the BI Publisher Integration component in versions 12.2.3 through 12.2.14, and successful exploitation could lead to a complete system compromise. A public proof-of-concept detection template is now available, increasing the likelihood of attacks. Oracle strongly urges customers to apply the emergency security patches immediately, as indicators of compromise suggest the vulnerability may already be under active exploitation.