Stay updated with the latest in cybersecurity threats, data privacy, and digital marketing trends. CyberPulse delivers breaking stories, expert analysis, and insights for today’s digital professionals
A significant security vulnerability (CVE-2025-34028) has been discovered in Commvault Command Center Innovation Release, allowing unauthenticated attackers to execute arbitrary code remotely. The vulnerability carries a high CVSS score of 9.0 and impacts version 11.38 of the Command Center installation, potentially leading to complete system compromise if exploited.
The FBI reported that cybercriminals stole a record $16.6 billion in 2024, marking a 33% increase compared to the previous year. This significant rise is detailed in the FBI's Internet Crime Complaint Center (IC3) report, which recorded 859,532 complaints, with 256,256 reflecting actual losses, averaging $19,372 per incident.
With billions of users, YouTube has become a prime target for cybercriminals who exploit the platform to distribute malicious links and phishing schemes. Cybercriminals often post harmful links in video descriptions and comments that lead to malware-hosting sites. Proofpoint identified several channels in 2024 that were promoting pirated games bundled with keyloggers or remote access tools, further complicating the security landscape.
Cybersecurity researchers have documented an alarming surge in infostealer malware distribution through phishing channels, with weekly delivery volume increasing by 84% in 2024 compared to the previous year. This upward trend shows no signs of slowing, with early 2025 figures suggesting an even more dramatic 180% increase in weekly volume compared to 2023 baselines. The evolution of delivery mechanisms has played a crucial role in this proliferation of threats, as traditional malicious attachments have declined significantly.
Ukrainian companies are significantly ramping up the production of fiber-optic drones to counter Russian electronic warfare. Traditional electronic warfare methods, such as frequency jammers, are ineffective against these drones, making them a formidable asset in combat. The need for these advanced drones has arisen due to the evolving nature of warfare in Ukraine, where both sides are increasingly reliant on drone technology.
Starting in December 2024, Microsoft Threat Intelligence identified a phishing campaign that impersonates the online travel agency Booking.com. This campaign targets organizations in the hospitality sector, employing a social engineering technique known as ClickFix to deliver credential-stealing malware. As of February 2025, this campaign remains active.
A severe remote code execution vulnerability has been identified in the Erlang/OTP SSH implementation, tracked as CVE-2025-32433. This vulnerability scores a maximum CVSS of 10.0, indicating critical severity. It allows unauthenticated attackers to execute arbitrary code on affected devices, which are predominantly used in telecom and IoT environments.
Organizations struggle to fix flaws identified during penetration testing, with generative AI applications complicating the remediation process. According to Cobalt's State of Pentesting Report 2025, only 48% of exploitable vulnerabilities are resolved, dropping to 21% for flagged generative AI app flaws. The resolution rate for critical vulnerabilities is higher at 69%.
Attackers are utilizing Windows shortcut (.lnk) files to deceive users into executing malicious code on their systems. Researchers from Trend Micro's Zero Day Initiative (ZDI) have reported that at least 11 threat actors globally have been exploiting this vulnerability, designated as ZDI-CAN-25373, to execute harmful payloads on target machines. The vulnerability allows an attacker to manipulate the metadata within a .lnk file to hide malicious code, making it appear harmless to users. Consequently, unsuspecting users may inadvertently infect their systems with malware.