breaking news – MCYSEKA-Maritime Cyber Security Knowledge Archive

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26828 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an unrestricted upload of file with dangerous type vulnerability. “OpenPLC […]

December 5, 2025

0 comment

Marquis data breach impacted more than 780,000 individuals

Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financial data, including names, addresses, SSNs, and card numbers, impacting over 780,000 people. Marquis is a Texas-based fintech and software firm that provides data-driven marketing, customer data platforms, analytics, […]

December 4, 2025

0 comment

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm. ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or […]

December 4, 2025

0 comment

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS attack from the AISURU botnet, a 69-second barrage that set a new volume record. The cybersecurity firm did not disclose the name of the […]

December 4, 2025

0 comment

King Addons flaw lets anyone become WordPress admin

Hackers are exploiting a King Addons flaw (CVE-2025-8489) that lets anyone register and instantly gain admin privileges on WordPress sites. Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for Elementor that allows unauthenticated users to create admin accounts via a registration privilege bug. King […]

December 4, 2025

0 comment

University of Pennsylvania and University of Phoenix disclose data breaches

The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign. The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle E-Business Suite customers. Penn explained that it uses Oracle’s E-Business Suite (EBS) platform for supplier […]

December 3, 2025

0 comment

Researchers spotted Lazarus’s remote IT workers in action

Researchers exposed a Lazarus scheme using remote IT workers tied to North Korea’s Famous Chollima APT group in a joint investigation. Researchers filmed Lazarus APT group’s remote-worker scheme in action, uncovering a North Korean network of IT contractors linked to the Famous Chollima unit, TheHackerNews reported. Recently, multiple cybersecurity firms and government agencies observed North […]

December 3, 2025

0 comment

India mandates SIM-linked messaging apps to fight rising fraud

India ordered messaging apps to work only with active SIM cards linked to users’ phone numbers to curb fraud and misuse. India’s Department of Telecommunications (DoT) now requires providers of messaging apps to work only with active SIM cards linked to users’ numbers to prevent fraud and misuse. “The Department of Telecommunications (DoT) has observed that some […]

December 3, 2025

0 comment

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Framework flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Android Framework flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Google’s new Android update patched 107 vulnerabilities, including two already […]

December 3, 2025

0 comment

MuddyWater strikes Israel with advanced MuddyViper malware

Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader, […]

December 2, 2025

0 comment

1 2 3 … 260

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31