June 2nd, 2025
Who:
LexisNexis Risk Solutions, a major U.S. data broker, experienced a data breach.
An unauthorized third-party accessed the company's GitHub repositories, a platform used for software development.
What:
May 27th, 2025
Who:
Cybercriminals are leveraging TikTok to disseminate malware. These actors are producing AI-generated videos that instruct users to execute malicious PowerShell commands under the guise of software activation steps. The campaign has achieved significant reach, with some videos amassing nearly 500,000 views.
What:
The attackers employ a tactic known as "ClickFix," wherein users are deceived into running PowerShell commands that download and execute info-stealer malware, specifically Vidar and StealC. These videos falsely claim to activate or enhance software like Windows, Microsoft Office, CapCut, or Spotify. Upon execution, the malware harvests sensitive data, including credentials, cookies, cryptocurrency wallets, and two-factor authentication tokens.
May 13th, 2025
Who:
Apple devices utilizing the AirPlay suite and third-party devices incorporating the AirPlay SDK.
What:
Cybersecurity firm Oligo Security identified 23 vulnerabilities, termed "AirBorne," within Apple's AirPlay protocol and SDK. These flaws permit zero-click and one-click remote code execution (RCE), man-in-the-middle (MitM) attacks, denial-of-service (DoS), and unauthorized access to sensitive data on devices connected to the same network.
May 9th, 2025
Who:
Cisco has identified a critical vulnerability (CVE-2025-20188) in its IOS XE Wireless Controllers. With a CVSS score of 10.0, this flaw was found to affect the following products when running vulnerable releases with the Out-of-Band AP Image Download feature enabled:
Catalyst 9800-CL Wireless Controllers for Cloud
Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
