Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

/in

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.
The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

The Hacker News – ​Read More

Qantas Airlines Breached, Impacting 6M Customers

/in

Passengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info.

darkreading – ​Read More

US Treasury Sanctions BPH Provider Aeza Group

/in

In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.

darkreading – ​Read More

Russian APT ‘Gamaredon’ Hits Ukraine With Fierce Phishing

/in

A Russian APT known as “Gamaredon” is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine.

darkreading – ​Read More

Initial Access Broker Self-Patches Zero Days as Turf Control

/in

A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.

darkreading – ​Read More

Phishers built fake Okta and Microsoft 365 login sites with AI – here’s how to protect yourself

/in

Okta researchers found hackers could make a phishing site with AI in just 30 seconds. Here’s how to protect your business.

Latest stories for ZDNET in Security – ​Read More

India’s Max Financial says hacker accessed customer data from its insurance unit

/in

The insurance giant is one of the largest insurers in India.

Security News | TechCrunch – ​Read More

China-linked hackers spoof big-name brand websites to steal shoppers’ payment info

/in

The campaign uses thousands of phishing websites that mimic the design and product listings of retailers like Apple, Nordstrom and Hermes to trick people into entering their credit card information.

The Record from Recorded Future News – ​Read More

A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now

/in

The Scattered Spider hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense.

Security Latest – ​Read More

ClickFix Spin-off Attack Bypasses Key Browser Safeguards

/in

A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware.

darkreading – ​Read More