Cyber Security – Page 51 – Simply Secure Group

CISA Adds Digiever Authorization Vulnerability to KEV List Following Active Exploitation

A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence of active exploitation in the wild. CVE-2023-52163 is a missing authorization vulnerability in Digiever DS-2105 Pro devices. That enables attackers to execute unauthorized commands through the time_tzsetup—cgi interface. Attribute Details […]

BlindEagle Hackers Attacking Government Agencies with Powershell Scripts

BlindEagle, a South American threat group, has launched a sophisticated campaign against Colombian government agencies, demonstrating an alarming evolution in attack techniques. In early September 2025, the group targeted a government agency under the Ministry of Commerce, Industry and Tourism (MCIT) using coordinated phishing emails and multi-stage malware delivery. This attack represents a significant escalation […]

PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernels POSIX CPU Timers Implementation

A proof-of-concept (PoC) exploit has been publicly released for CVE-2025-38352, a race condition vulnerability affecting the Linux kernel’s POSIX CPU timer implementation. The flaw enables attackers to trigger use-after-free conditions in kernel memory, potentially leading to privilege escalation and system compromise. CVE-2025-38352 is a race condition that occurs in the kernel’s handle_posix_cpu_timers() function, which processes timer signals […]

DIG AI Darknet AI Tool Enabling Threat Actors to Launch Sophisticated Attacks

A new and ominous player has emerged in the rapidly expanding landscape of “Shadow AI.” Researchers at Resecurity have identified DIG AI, an uncensored artificial intelligence tool hosted on the darknet that is empowering threat actors to automate cyberattacks, generate illicit content, and bypass the safety guardrails of traditional AI models. First detected on September […]

Cybersecurity Weekly Recap PornHub Breach, Cisco 0-Day, Amazon Detains DPRK IT Worker, and more

In a week that revealed the flaws in digital trust, cybersecurity headlines were filled with high-profile breaches, zero-day exploits, and bold nation-state espionage. Attackers claimed to have swiped usernames, emails, and encrypted passwords from over 1.2 million accounts, underscoring the persistent risks of adult platforms as lucrative targets for credential stuffing and phishing campaigns. As […]

100+ Cisco Secure Email Devices Exposed to ZeroDay Exploited in the Wild

Security researchers have identified at least 120 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices vulnerable to a critical zero-day flaw that attackers are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-20393, currently has no available patch, leaving organizations exposed to potential compromise. According to threat intelligence from Shadowserver […]

Claude Opus 4.5 Now Integrated with GitHub Copilot

GitHub has announced the general availability of Claude Opus 4.5, Anthropic’s advanced AI model, across its Copilot platform. This integration enhances AI capabilities for developers using GitHub’s code assistance tools. The Claude Opus 4.5 model is now accessible to users with Copilot Enterprise, Copilot Business, Copilot Pro, and Copilot Pro+ subscriptions. Developers can leverage this […]

Microsoft Rolls Out Baseline Security Mode for Office, SharePoint, Exchange, Teams, and Entra

Microsoft has begun deploying Baseline Security Mode across Microsoft 365 tenants, a new dashboard in the M365 Admin Center that centralizes recommended security configurations for Office, SharePoint, Exchange, Teams, and Entra. Announced at Ignite 2025, this opt-in feature helps administrators quickly assess vulnerabilities, run impact reports, and apply risk-based hardening without immediate user disruptions. As […]

Cybersecurity Professionals Plead Guilty to Launching Ransomware Attacks

In a shocking betrayal of industry trust, two former cybersecurity professionals have pleaded guilty to federal charges for launching ransomware attacks against U.S. businesses. The pair, whose day jobs involved helping companies respond to hacks and negotiate ransoms, admitted to moonlighting as cybercriminals in a plot to extort millions of dollars from victims. Ryan Clifford […]

Hackers Weaponize SVG Files and Office Documents to Target Windows Users

Cybersecurity researchers have uncovered a sophisticated email campaign deploying a commodity loader to distribute Remote Access Trojans and information stealers. The operation primarily targets manufacturing and government organizations across Italy, Finland, and Saudi Arabia, using highly evasive techniques. Infection chain Multi-Vector Attack Strategy The campaign employs multiple infection methods to compromise Windows systems. Threat actors […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.