-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
The Oxford City Council is investigating a recent cybersecurity breach that disrupted various council services and potentially exposed the personal data of past election workers. The Oxford City Council cyberattack, which occurred over the weekend of June 7–8, was identified by the council’s automated defense systems. According to a statement issued by the Council on Thursday, the incident involved “an unauthorized presence” within the council’s internal network.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
A security flaw in Apache Traffic Server (ATS) is targeting cloud service providers worldwide. The vulnerability, identified as CVE-2025-49763, exposes affected systems to denial-of-service (DoS) attacks that exploit a critical ACL issue in the server’s Edge Side Includes (ESI) plugin, enabling attackers to exhaust server memory and disrupt operations. Apache Traffic Server is widely used as a high-performance, scalable caching proxy and traffic management system.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
Charles M. Schmaltz, 28, of Pensacola, Florida, has pleaded guilty to cyberstalking and sending obscene materials to minor females. The announcement was made by John P. Heekin, United States Attorney for the Northern District of Florida, who highlighted the gravity of the crime and reaffirmed the government’s commitment to protecting vulnerable youth. “Protecting children from online exploitation and abuse is of paramount importance,” said U.S. Attorney Heekin.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
Cloud Software Group has released a security bulletin warning customers of two newly identified vulnerabilities, CVE-2025-5349 and CVE-2025-5777, affecting both NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). CVE-2025-5349 has been classified as an improper access control issue affecting the NetScaler Management Interface.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about the active exploitation of a critical Linux kernel vulnerability, officially listed as CVE-2023-0386. The vulnerability, which carries a CVSS score of 7.8, is categorized as a Linux Kernel Privilege Escalation flaw. It stems from improper ownership management within the Linux kernel’s OverlayFS subsystem.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
A security flaw has been identified in the keyless entry systems (KES) used extensively in KIA vehicles across Ecuador, exposing thousands of cars to a severe risk of theft. This vulnerability, officially catalogued as CVE-2025-6029, centers around outdated technology in aftermarket key fobs homologated and distributed by KIA Ecuador. The affected models include the Kia Soluto, Rio, and Picanto from 2022 through 2025.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
Cyble Research and Intelligence Labs (CRIL) has recently uncovered a malicious crypto phishing campaign where more than 20 malicious applications on the Google Play Store were designed to target crypto wallet users with phishing schemes. These deceptive apps impersonate well-known wallet platforms and lure users into revealing their sensitive mnemonic phrases, effectively handing over control of their digital assets.
-
3 weeks ago | 
thecyberexpress.com | Ashish Khaitan
The UK’s National Cyber Security Centre (NCSC) has introduced a set of six core principles to help organizations embed strong cybersecurity practices into their everyday operations. Developed in collaboration with government and industry leaders, this guidance aims to instill a lasting culture of security—one that prioritizes both technical controls and human behaviors to achieve sustainable cyber resilience.
-
3 weeks ago | 
thecyberexpress.com | Ashish Khaitan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released seven new ICS advisories, each highlighting cybersecurity vulnerabilities in key Industrial Control Systems across energy, communications, emergency response, and manufacturing sectors. The alerts shed light on remotely exploitable flaws discovered in devices and software produced by CyberData, Hitachi Energy, and Mitsubishi Electric—names synonymous with modern operational technology (OT).
-
3 weeks ago | 
thecyberexpress.com | Ashish Khaitan
The U.S. government has seized approximately 145 domains associated with the BidenCash marketplace and other criminal marketplaces, effectively dismantling one of the most notorious darknet operations for trafficking stolen credit card data and personal information. Announced by the U.S. Attorney’s Office for the Eastern District of Virginia, this sweeping operation targeted both darknet and surface web domains.
