
Cyberattackers Might Share the Podium at Winter Olympics
The upcoming Winter Games in the Italian Alps are set to be a major event, drawing attention from various groups with differing agendas. Hacktivists are keen to leverage the global spotlight, aiming to reach billions of viewers with their messages. These individuals see the Games as an opportunity to promote their causes and raise awareness…

Fortinet Faces More Issues: Critical FortiSIEM Vulnerability Being Exploited
CVE-2025-64155 is a newly disclosed command injection vulnerability that has raised significant concerns within the cybersecurity community. This vulnerability allows attackers to execute arbitrary commands on affected systems, potentially leading to severe data breaches and system compromises. Following its disclosure earlier this week, CVE-2025-64155 quickly attracted attention from malicious actors, who began launching attacks from…

Cryptocurrency Crime 2025: New Report Unveils the True Extent
New research has highlighted the alarming scale of crypto crime in 2025, revealing that an estimated US$17 billion (approximately AU$25 billion) was lost to crypto scams last year. This staggering figure is largely attributed to a dramatic rise in impersonation scams, which surged by 1,400 per cent year over year. Furthermore, the payment values associated…

Vulnerabilities on the Rise, Yet Chaotic Reporting Obscures the View
MITRE has recently lost its position as the leading reporter of vulnerabilities, as new organisations emerge to fill the gap in the cybersecurity landscape. This shift has resulted in a significant increase in the number of Common Vulnerabilities and Exposures (CVEs) being reported. As various entities contribute to the growing database of vulnerabilities, the landscape…

Warning issued to WhatsApp users! Be wary of the new GhostPairing attack.
Security experts have identified a new WhatsApp takeover scam known as GhostPairing, which allows attackers to access victims’ contacts, photos, and messages without the need for stolen passwords or SIM-swapping. Stephen Kho, a cyber security expert from Avast, explained that this method deceives users into completing what appears to be a normal verification step. This…

Incident response playbooks: Turning theoretical plans into effective real-life responses
Most organisations take pride in their Incident Response (IR) playbooks, which are often stored neatly on shared drives or in binders, ready for emergencies. However, when a real breach occurs, these meticulously crafted documents frequently fall short. Phone numbers may be outdated, escalation paths unclear, and team roles uncertain. In the midst of an active…

CometJacking: Single Click Transforms Perplexity’s Comet AI Browser into Data Stealer
Cybersecurity researchers have unveiled a new attack method known as CometJacking, which specifically targets Perplexity’s agentic AI browser, Comet. This attack involves embedding malicious prompts within seemingly harmless links to extract sensitive data from connected services, such as email and calendar applications. Michelle Levy, Head of Security Research at LayerX, emphasised that “CometJacking shows how…

First malicious AI-MCP server discovered
Security researchers have identified what they believe to be the world’s first malicious Model Context Protocol (MCP) server, which has been made available as open source on GitHub, a Microsoft-owned code repository. MCP, created by Anthropic, has faced criticism for its optional security measures and inherent vulnerabilities. This protocol aims to standardise connections between AI…

Industrial cellular routers in Australia exploited for smishing attacks
A popular make of industrial cellular routers, with nearly 10,000 devices connected to the Internet in Australia alone, is being exploited by attackers for short messaging service (SMS) text spam, commonly known as smishing. French security vendor Sekoia discovered earlier this year that the application programming interface (API) of hundreds of Milesight cellular routers was…

Phishing is shifting from email to mobile – Is your staff training keeping up?
With the alarming increase in SMS, voice, and QR-code phishing incidents, it is crucial to prioritise the security of mobile users. Cybercriminals are becoming increasingly sophisticated, employing various tactics to exploit vulnerabilities in mobile communication. As more individuals rely on their smartphones for personal and professional interactions, the risk of falling victim to these scams…
