Cisco has disclosed a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management tool that could allow authenticated attackers to gain unauthorized administrative access.
Threat actors, particularly UNC5221, are exploiting critical vulnerabilities in Ivanti Cloud Service Appliances to execute remote code, steal credentials, and implant webshells, prompting a joint advisory from CISA and the FBI.
Chief Information Security Officers are increasingly integrated into executive roles, yet face significant challenges in aligning priorities and securing adequate budgets for cybersecurity initiatives.
The PlushDaemon APT group, believed to be aligned with Chinese state interests, conducted a sophisticated supply-chain attack on the South Korean VPN provider IPany by embedding a backdoor known as SlowStepper into the legitimate software installer.
In 2024, 84% of healthcare organizations reported experiencing cyber-attacks, with phishing being the most common exploit, leading to significant financial damage and increased regulatory scrutiny.
Thousands of account credentials from major cybersecurity vendors have been discovered for sale on dark web marketplaces, primarily due to the rise of infostealers, posing significant risks to both vendors and their clients.
