Hackers Can Seize Your Phone Network due to New Mitel Flaws
What Went Wrong in MiVoice MX‑ONE Mitel has confirmed a “critical” hole in the Provisioning Manager of its MiVoice MX‑ONE phone system that lets anyone skip the login screen and grab full control. The weakness, tracked internally as MXO‑15711, sits in every build from version 7.3 all the way…
0 Comments5 Minutes
Hackers Tear Through Microsoft SharePoint
Weekend breach spreads across government and industry A worldwide investigation is under way after cyber‑intruders slipped through a brand‑new hole in Microsoft’s SharePoint Server, hijacking critical systems at government offices, universities, energy suppliers and at least one Asian…
0 Comments5 Minutes
MDifyLoader: Fresh Malware Wave Exploits Ivanti VPN Flaws
Two critical bugs open the door Security teams who thought they were safe after January’s and April’s patch cycles may need to take another look. Researchers at Japan’s computer emergency response team, JPCERT/CC, have confirmed that attackers are chaining two separate Ivanti Connect Secure…
0 Comments6 Minutes
Critical NVIDIA Container Toolkit Bug Lets Attackers Break Out of AI Containers
New flaw threatens the backbone of GPU‑powered cloud services Cloud‑security firm Wiz has uncovered a serious weakness in the NVIDIA Container Toolkit (NCT) that could let a malicious container jump its fence and seize control of the underlying server. The issue, logged as CVE‑2025‑23266 and…
0 Comments4 Minutes
Interlock Hackers Turn to FileFix and a PHP-Based RAT in Their Latest Campaign
Booby-Trapped Websites Funnel Unsuspecting Visitors Into FileFix’s Trap Researchers from The DFIR Report and Proofpoint say the crew behind the Interlock ransomware operation has shifted tactics once again, swapping its Node.js remote-access trojan for a new PHP rewrite and delivering it through a…
0 Comments6 Minutes
Fortinet Rushes Out Emergency Patch for Severe FortiWeb Flaw
A simple mistake with big consequences Fortinet has pushed an urgent update for its FortiWeb web-application firewall after researchers uncovered a critical weakness that lets anyone on the internet run their own database commands on unprotected systems. The defect, catalogued as CVE-2025-25257 and…
0 Comments6 Minutes
Leaked Shellter Elite Copy Fuels New Wave of Infostealer Attacks
From Test-Lab Helper to Criminal Workhorse A security tool that was meant to help ethical hackers has slipped into the wrong hands. Shellter Elite, a commercial framework designed to let red-teamers hide test payloads from antivirus and endpoint protection, is now turning up inside real-world…
0 Comments5 Minutes
Google Ordered to Pay $314 Million for Quietly Using Android Users’ Mobile Data
Jury Says Background Data Use Broke California Law A jury in San Jose, California, has told Google to hand over roughly $314 million after deciding the company tapped into Android users’ mobile-data plans without permission. The verdict, delivered at the close of a month-long trial that began on…
0 Comments6 Minutes
Two Bugs in Sudo Let Regular Users Gain Root Access
A Routine Tool Under the Microscope Sudo is one of those command-line helpers that most Linux and Unix administrators install and forget. It lets anyone with the right entry in the /etc/sudoers file perform system tasks that normally need super-user rights, all while keeping a clear audit trail.…
0 Comments6 Minutes
“NightEagle” Hackers Exploit Fresh Microsoft Exchange Weakness
Researchers spot fast-moving group at CYDES 2025 Security investigators from the RedDrip Team at Chinese cybersecurity giant QiAnXin have unmasked a previously unreported advanced-persistent-threat (APT) crew they have dubbed “NightEagle,” also tracked as APT-Q-95. The team laid out its findings…
2 Comments5 Minutes