Month: November 2025

The office of Pennsylvania’s attorney general has confirmed that the ransomware gang behind an August 2025 cyberattack stole files containing personal and medical information. This comes after Attorney General Dave Sunday confirmed in early September that the incident was a ransomware attack and his office refused to pay the ransom requested by the cybercriminals after

A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication. The issue is fixed in FortiWeb 8.0.2, and admins are urged to update as soon as possible and check for signs of unauthorized access The exploitation was first spotted by threat intelligence company Defused

US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks.  An updated joint advisory from CISA, the FBI, the Department of Defense Cyber Crime Center (DC3), the Department of Health and Human Services (HHS), and several international partners alerts that Akira ransomware has expanded its

Google will start taking action on Android apps in the official Google Play store that have high background activity and cause excessive battery draining. Apps that exceed a “bad behavior threshold” may be flagged on Google Play for negatively impacting battery performance and may affect their visibility in the Android ecosystem. Developers have until March 1, 2026

Home Viewing author profile for Ax Sharma Location:Toronto, ON Title:Security Researcher, Journalist Forum Profile: AxSharma Author Bio Ax Sharma is a security researcher and journalist focused on malware analyses and cybercrime investigations. His expertise includes open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5

Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs. As announced in August, Google was planning to introduce what it called “Developer Verification” starting in 2026 to block

The decades-old “finger” command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. In the past, people used the finger command to look up information about local and remote users on Unix and Linux systems via the Finger protocol, a command later added to Windows. While still

Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. KB5068781 is the first Windows 10 extended security update and was released on November 11 as part of Patch Tuesday. Since then, some business Windows 10 users

Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. The cyberattack was announced on September 2, 2025, forcing the British carmaker to shut down production at major plants and send its staff home. A

UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. The company says that although the stolen data affects a significant portion of its merchant base, it will not pay a ransom and will instead invest