-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
Cyble researchers have uncovered ransomware called DOGE BIG BALLS, a ransomware that not just stands out but also presents its technical prowess for audacious psychological manipulation. This malware campaign intricately weaves together advanced exploitation techniques, social engineering, and a deliberate attempt to misattribute blame, notably linking itself to Edward Coristine, a 19-year-old software engineer associated with Elon Musk’s DOGE initiative.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
A new exploit, traced to a MorphoBlue vulnerability, has resulted in the theft of $2.6 million. The breach, which occurred on April 11, 2025, was first reported by PeckShieldAlert, highlighting a major security flaw in the decentralized finance (DeFi) ecosystem. The attacker, operating under the Ethereum address c0ffeebabe.eth, managed to frontrun a transaction, siphoning off the funds to a new address, 0x1A5B…C742.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
A recently uncovered SureTriggers vulnerability has put more than 100,000 websites at risk, highlighting once again how critical plugin security is for WordPress site administrators. The vulnerability, officially identified as CVE-2025-3102, has a CVSS score of 8.1, placing it in the high-severity category. This flaw allows unauthorized users to create administrator accounts under specific conditions, potentially giving attackers full control over affected websites.
-
1 week ago | 
thecyberexpress.com | Ashish Khaitan
To address the growing challenges posed by cyber threats and digital fraud, the Bank of Thailand (BOT) and Bank Negara Malaysia (BNM) have officially signed a Memorandum of Understanding (MoU) to deepen their collaboration on cybersecurity efforts and enhance cyber resilience across both nations’ financial systems.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding two new vulnerabilities that are actively being exploited in the wild. The vulnerabilities identified by CISA, includes CVE-2025-30406 and CVE-2025-29824. These two vulnerabilities are identified by Gladinet CentreStack and Microsoft Windows systems, respectively.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
Adobe has released a new security update addressing 30 vulnerabilities across various products, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. This Adobe security update includes patches for critical issues that could lead to code execution, arbitrary file system access, memory leaks, and other security risks.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new vulnerability to its Known Exploited Vulnerabilities Catalog. The vulnerability, identified as CVE-2025-31161, is an Authentication Bypass Vulnerability in CrushFTP, a widely used FTP server software. CVE-2025-31161 specifically affects versions of CrushFTP prior to 10.8.4 and 11.3.1, leaving users vulnerable to an authentication bypass attack.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
India has launched its first-ever Digital Threat Report 2024 to enhance cybersecurity resilience within India’s Banking, Financial Services, and Insurance (BFSI) sector. This report is the result of a collaborative effort between key national cybersecurity entities, including the Ministry of Electronics and Information Technology (MeitY), the Indian Computer Emergency Response Team (CERT-In), CSIRT-Fin, and global cybersecurity firm SISA.
-
2 weeks ago | 
thecyberexpress.com | Ashish Khaitan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners, has issued an urgent advisory titled “Fast Flux: A National Security Threat.” The advisory highlights the growing use of fast flux techniques by cybercriminals and potentially nation-state actors to evade detection and establish highly resilient and stealthy infrastructure for malicious activities.
-
3 weeks ago | 
thecyberexpress.com | Ashish Khaitan
The Cybersecurity and Infrastructure Security Agency (CISA) issued two crucial Industrial Control Systems (ICS) advisories, highlighting vulnerabilities that could have serious impacts on critical infrastructure. These ICS advisories, identified as ICSA-25-091-01 and ICSA-24-331-04, are designed to inform organizations about current security threats, vulnerabilities, and necessary mitigations related to ICS products and systems.
