-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
A newly disclosed vulnerability, tracked as CVE-2025-27522, has been discovered in Apache InLong, a widely used real-time data streaming platform. The Apache InLong vulnerability introduces the potential for remote code execution (RCE). The vulnerability affects Apache InLong versions 1.13.0 through 2.1.0, making a wide range of deployments potentially vulnerable.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
Apple, in its latest App Store fraud analysis, revealed that the company prevented more than $2 billion in potentially fraudulent transactions in 2024 alone. This contributes to a staggering total of $9 billion in fraudulent activities thwarted since 2019. With more than 813 million visitors weekly and active operations in 175 regions, maintaining the platform’s integrity requires Apple to protect its users and upgrade defenses. Here is a quick breakdown of the 2024 Apple App Store fraud analysis.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
Nova Scotia Power has confirmed it was the victim of a ransomware attack, weeks after initially alerting customers to a cybersecurity breach. The utility, owned by Emera Inc., revealed that the attack resulted in a data breach impacting approximately 280,000 customers—but emphasized it has not paid the ransom demanded by the attackers. The Nova Scotia cyberattack, which began around March 19, 2025, was first made public on April 28.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
Five major banking associations have formally petitioned the U.S. Securities and Exchange Commission (SEC) to repeal a rule that mandates public companies to disclose material cybersecurity incidents within four business days. The organizations argue that the rule, particularly the reporting requirement under Form 6-K for foreign issuers and Form 8-K Item 1.05 for domestic issuers, poses unnecessary risks and fails to serve its intended purpose of investor protection.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
Cloudflare has alerted users of a security vulnerability—tracked as CVE-2025-4366—in the widely used Pingora OSS framework. This vulnerability, a request smuggling flaw, was discovered by a security researcher while testing exploits against Cloudflare’s Content Delivery Network (CDN) free tier, which utilizes Pingora to serve cached assets.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
A zero-day vulnerability in the Linux kernel’s SMB (Server Message Block) implementation, identified as CVE-2025-37899, has been discovered using OpenAI’s powerful language model, o3. The vulnerability is a use-after-free flaw located in the logoff command handler of the ksmbd kernel module. Security researcher Sean H. documented the process in a detailed technical blog. He had initially set out to audit ksmbd, a Linux kernel module responsible for implementing the SMB3 protocol.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
Cellcom, a regional wireless provider based in Wisconsin, is continuing efforts to restore full service following a cybersecurity incident that has disrupted customers’ ability to make phone calls and send text messages. The company, which reported a Cellcom cyberattack last week, left many of its customers frustrated and without service.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and encrypted messages, effectively undermining the very foundation of trust in public key cryptography. The vulnerability, rated 8.7 (High) on the CVSS scale, was discovered by security researchers Edoardo Geraci and Thomas Rinsma of Codean Labs.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
Indian Ministry of Home Affairs (MHA) has introduced the e-Zero FIR system, a digital-forward solution to ensure justice for victims of financial cybercrimes. Announced by India’s Union Home Minister and Minister of Cooperation Amit Shah on May 19, 2025, this initiative is part of the government’s Cyber Secure Bharat initiative. Under the supervision of the Indian Cybercrime Coordination Centre (I4C), the e-Zero FIR initiative has been rolled out as a pilot project in Delhi.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
Two high-severity security flaws have been identified in Multer, a popular middleware used in Node.js applications for handling file uploads. The Multer vulnerabilities, tracked as CVE-2025-47944 and CVE-2025-47935, affect all versions from 1.4.4-lts.1 up to but not including 2.0.0.According to the GitHub post, the two vulnerabilities “allow an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request.
