Cyber Security


Russian Airline Suffered Cyberattack Website and Other Systems Affected

Krasnoyarsk Regional Airlines (KrasAvia) confirmed a sophisticated cyberattack that has rendered its primary online services inoperable.  The breach targeted the airline’s web portal and associated back-end systems, including the Passenger Service System (PSS) and flight planning applications.  As a result, passengers are currently unable to complete e-ticket purchases or check in online, prompting KrasAvia to […]

UK Arrested 2 Scattered Spider Hackers Linked to London Transport System Breach

UK law enforcement has arrested two individuals linked to the notorious Scattered Spider cybercriminal group, including 19-year-old Thalha Jubair from London, who faces charges in connection with over 120 network intrusions that resulted in more than $115 million in ransom payments.  The arrests represent a significant breakthrough in dismantling one of the world’s most prolific […]

Raven Stealer Attacking Google Chrome Users to Steal Sensitive Data

Raven Stealer has emerged as a potent information‐stealing threat targeting users of Chromium‐based browsers, most notably Google Chrome. First observed in mid-2025, this lightweight malware distinguishes itself through a modular architecture and stealthy design, allowing it to harvest sensitive information without alerting victims. Delivered predominantly via cracked software bundles and underground forums, Raven Stealer capitalizes […]

Jenkins Patches Multiple Vulnerabilities that Allow Attackers to Cause a Denial of Service

Jenkins has released critical updates addressing four security flaws that unauthenticated and low-privileged attackers could exploit to disrupt service or glean sensitive configuration details. Administrators running Jenkins weekly releases up to 2.527 or the Long-Term Support (LTS) stream up to 2.516.2 must upgrade to mitigate these risks. HTTP/2 Denial of Service (CVE-2025-5115): A high-severity issue […]

Pixie Dust Wi-Fi Attack Exploits Routers WPS to Obtain PIN and Connect With Wireless Network

The newly publicized Pixie Dust attack has once again exposed the critical vulnerabilities inherent in the Wi-Fi Protected Setup (WPS) protocol, enabling attackers to extract the router’s WPS PIN offline and seamlessly join the wireless network.  By targeting weak randomization in the registrar’s nonces, this exploit subverts the intended security of WPS without requiring proximity […]

FinWise Insider Breach Exposes 700K Customer Records to Former Employee

American First Finance, LLC, a Dallas-based financial services firm, suffered a significant insider breach when a recently terminated employee exploited unauthorized access to its production database. The incident, dubbed the FinWise insider breach, resulted in the exfiltration of sensitive customer records (nearly 689,000 names, Social Security numbers, and other personal identifiers) via direct SQL queries […]

Hackers Can Exploit Bitpixie Vulnerability to Bypass BitLocker Encryption and Escalate Privileges

A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems. The vulnerability affects boot managers from 2005 to 2022 and can still be exploited on updated systems through downgrade attacks, posing significant risks to enterprise security. Key Takeaways: 1. Bitpixie lets attackers bypass BitLocker […]

New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips

A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The attack is the first to demonstrate a practical privilege escalation exploit on a commodity system equipped with DDR5 RAM, undermining the assumption that these newer memory modules were immune to such threats. Rowhammer is […]

Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages

A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per week. The attack also affected more than 40 other packages from various maintainers, introducing a dangerous self-propagating malware designed to steal developer credentials and spread itself across the software landscape. […]

Sidewinder APT Hackers Leverage Nepal Protests to Push Mobile and Windows Malware

The eruption of widespread protests across Nepal in early September 2025 provided fertile ground for a sophisticated campaign orchestrated by the Sidewinder APT group. As demonstrators mobilized against government policies and social media restrictions, threat actors exploited the turbulence to distribute malicious applications masquerading as legitimate emergency services. Victims seeking live updates or assistance were […]