The FBI on Thursday arrested a Defense Intelligence Agency employee working in the Insider Threat Division unit with top secret security clearance for allegedly attempting to provide classified information to a foreign government, the Justice Department said. Nathan Vilas Laatsch, 28, of Alexandria, Va., was arrested after a monthslong investigation following a tip the FBI received in March, according to officials.
The UK's Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as journalists. The foiled attack was one of over 90,000 cyber attacks linked to hostile states directed against the UK's defence over the past two years, according to the Ministry of Defence. The spear phishing campaign, which targeted staff with the intention of planting malware on MoD systems, was dubbed "Damascened Peacock".
ConnectWise is investigating suspicious activity - likely associated with a nation-state actor - affecting a limited number of customers that use ScreenConnect. In a post on its website, ConnectWise said it has notified all affected customers, alerted law enforcement to the attack and retained Mandiant to help with its investigation. A company spokesperson added that ConnectWise issued a patch for ScreenConnect.
A China-nexus threat actor behind the recent exploitation of SAP's NetWeaver software is expanding its campaign, taking advantage of unpatched, Internet-exposed servers deployed by organizations across South and Southeast Asia. The group Trend Micro calls "Earth Lamia" (after a type of beetle) has been around since 2023, when it was carrying out attacks against financial services companies in South Asia.
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480) were reported through the Google Android Security team in late January, and a third high-severity vulnerability (CVE-2025-27038) was reported in March.
Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media, and as sponsored ads, that lead to fake websites posing as Booking.com. According to Malwarebytes research, 40% of people book travel through a general online search, creating a lot of opportunities for scammers. The first signs of the campaign showed up mid-May and the final redirect destination changes every two to three days.
The FBI is warning that a Philippines-based company known as Funnull Technology Inc. is facilitating many of the cryptocurrency investment fraud scams in the US. Funnull provides hosting services and computer infrastructure for hundreds of thousands of websites that are involved in these kinds of cryptocurrency scams. According to the US Treasury Department, Americans lose billions of dollars every year because of them.
Technical details have been released for a recently patched critical-severity vulnerability in Cisco IOS XE that could be exploited for remote code execution (RCE). Tracked as CVE-2025-20188 (CVSS score of 10/10), the bug is described as an arbitrary file upload that exists because of a hardcoded JSON Web Token (JWT). Cisco announced fixes for the security defect on May 7, explaining that attackers could exploit it remotely, without authentication.
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. The flaws, tracked as CVE-2025-48827 and CVE-2025-48828 and rated critical (CVSS v3 scores: 10.0 and 9.0 respectively), are an API method invocation flaw and a remote code execution (RCE) flaw via template engine abuse. They impact vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 when the platform runs on PHP 8.1 or later.