Security researchers have discovered a severe buffer overflow vulnerability in zlib's untgz utility version 1.3.1.2 that lets attackers execute malicious code through simple command-line input.
The flaw exists in the TGZfname() function, where an unbounded strcpy() call copies user-supplied archive names into a fixed 1,024-byte buffer without any length validation. Attackers can trigger memory corruption by simply providing filenames longer than 1,024 bytes as command-line arguments.
Researchers demonstrated the exploit using a 4,096-byte filename, which caused a global buffer overflow affecting memory beyond the function's scope. This makes the vulnerability particularly dangerous since the corruption persists and can influence subsequent program behavior, potentially leading to code execution.
Source: Cyber Security News
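The unbounded-copy pattern the article describes, placed beside a length-checked version, as an added illustration in C. This is not zlib's untgz source: the function name TGZfname() and the 1,024-byte destination come from the article, while the function bodies, the global buffer names, the helper names and the 8,192-byte test helper are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* From the article: the destination is a fixed 1,024-byte buffer. Everything
 * else here (function bodies, buffer names, helper names) is an assumption
 * made for illustration and is not zlib's untgz source. */
#define NAME_BUF_SIZE 1024

static char g_name_unbounded[NAME_BUF_SIZE]; /* global, as the article describes */
static char g_name_bounded[NAME_BUF_SIZE];

/* The pattern the article reports: strcpy() with no length check. Any argument
 * of NAME_BUF_SIZE bytes or more (the terminating NUL needs a byte too) writes
 * past the end of the global buffer. This function is never called with
 * untrusted or overlong input in this example; it exists only for contrast. */
const char *tgz_name_unbounded(const char *arg)
{
    strcpy(g_name_unbounded, arg);
    return g_name_unbounded;
}

/* Length of s, scanning at most max bytes, so an overlong argument cannot make
 * the measurement itself run past the limit. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    while (i < max && s[i] != '\0')
        i++;
    return i;
}

/* Hardened form: measure first, refuse anything that does not fit together
 * with its NUL, and report the refusal instead of silently truncating (a
 * truncated archive name would quietly refer to a different file). */
const char *tgz_name_bounded(const char *arg)
{
    size_t len = bounded_len(arg, NAME_BUF_SIZE);
    if (len >= NAME_BUF_SIZE) {
        fprintf(stderr, "archive name too long (limit %d bytes)\n", NAME_BUF_SIZE - 1);
        return NULL;
    }
    memcpy(g_name_bounded, arg, len + 1); /* len + 1 copies the NUL as well */
    return g_name_bounded;
}

/* Constructed input for checking the boundary: a name of n 'A' bytes. Returns
 * 1 if the bounded version accepts it, 0 if it rejects it, -1 if n is beyond
 * what this helper can build. */
int accepts_name_of_length(size_t n)
{
    static char buf[8192];
    if (n >= sizeof buf)
        return -1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return tgz_name_bounded(buf) != NULL;
}

int main(int argc, char **argv)
{
    const char *name = tgz_name_bounded(argc > 1 ? argv[1] : "archive.tgz");
    if (name == NULL)
        return 1;
    printf("accepted archive name: %s\n", name);
    return 0;
}
```

The bounded version fails closed: a 1,023-byte name is the longest it accepts, a 1,024-byte name is refused because the NUL would not fit, and the 4,096-byte input from the article is refused before any byte is copied. Returning an error rather than truncating matters for an archive tool, since a silently shortened name would open a different file than the one the user asked for.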
Cisco Talos researchers have exposed UAT-7290, a sophisticated threat group active since 2022 that's been infiltrating critical infrastructure across South Asia. The hackers deploy a custom malware toolkit including RushDrop, DriveSwitch, and SilentRaid to establish persistent access and conduct espionage operations.
The group primarily targets telecommunications providers but has recently expanded into Southeastern Europe. They use one-day exploits and SSH brute force attacks to compromise edge devices, then burrow deep into victim networks. Beyond espionage, UAT-7290 also converts infected systems into operational relay boxes that other Chinese threat actors can use.
Cisco's analysis reveals significant overlaps with known Chinese military unit PLA 69010, suggesting state-sponsored backing for these ongoing cyber operations.
Source: Industrial Cyber
European law enforcement has dealt a major blow to the Black Axe cybercrime syndicate, arresting 34 suspects across Spain in a coordinated operation. Spanish National Police, working with German authorities and Europol support, detained 28 people in Seville and others in Madrid, Málaga, and Barcelona.
The West African-originated gang generates billions annually through business email scams, romance fraud, and phishing attacks. This Spanish cell alone caused nearly €6 million in damages. Authorities froze €119,352 in bank accounts and seized €66,403 in cash during raids.
Ten Nigerian nationals were among those arrested. The operation specifically targeted Black Axe's recruitment of money mules in high-unemployment areas for laundering schemes.
Source: Infosecurity Magazine
Cybercriminals are running a sophisticated phishing campaign that tricks people searching for Fortinet VPN downloads. The attackers created fake sites that look identical to Fortinet's official portal and manipulated AI-powered search summaries to promote their malicious links.
The scam works by hosting initial content on GitHub to appear trustworthy, then redirecting users from search engines to fake Fortinet sites. These sites demand VPN credentials before allowing downloads, stealing login information while providing legitimate software to avoid suspicion.
Security researchers warn this represents a new threat where AI search tools inadvertently promote malicious content. IT teams should block domains like vpn-fortinet[.]github[.]io and fortinet-vpn[.]com, while reminding staff that real software downloads don't require credentials upfront.
Source: Cybersecurity News
The Information Commissioner's Office has told Jeremy Corbyn's Peace and Justice Project that Zarah Sultana's unauthorised launch of Your Party's membership portal in September may constitute "serious criminal activity" requiring police investigation.
The drama unfolded when Sultana sent emails to 800,000 people promoting £55 memberships without authorization. Corbyn quickly issued an "urgent message" calling the site "unauthorised" and seeking legal advice.
While the ICO declined to investigate directly, it advised referring the matter to police and fraud authorities. Sultana dismissed the concerns Friday, claiming the ICO "dropped the case" and vowing to continue building what she calls the UK's largest socialist party since the 1940s.
Source: The Guardian
Check Point researchers discovered a sophisticated investment fraud operation that uses AI to create an entirely fake reality for victims. The scam starts with SMS messages directing targets to WhatsApp groups that appear to be legitimate investment discussions. However, everything is fabricated—the financial experts, group members, trading results, and even the investment company 'OPCOPRO' are AI-generated.
Victims spend weeks interacting with fake personas before being offered access to an exclusive trading platform promising 700% returns. Beyond stealing crypto investments, scammers harvest personal documents that could enable identity theft, corporate security breaches, or future blackmail schemes. Investment fraud cost victims $6.5 billion last year, making it cybercrime's most lucrative category.
Source: Infosecurity Magazine
Jaguar Land Rover's sales crashed in the final quarter of 2024, with wholesale volumes dropping 43.3% to 59,200 vehicles. The British carmaker was hit by a devastating cyber attack in late August that forced factory shutdowns across the UK, Slovakia, Brazil, and India through September, pushing the company into a nearly £500 million quarterly loss.
Production didn't return to normal until mid-November, creating a global distribution backlog. US tariffs on JLR exports added to the pain, while retail sales fell across all markets - North America down 37.7%, Europe 26.9%, and the UK 13.3%. The company's much-hyped electric Jaguar relaunch faced online criticism, and design boss Gerry McGovern departed after defending the controversial marketing campaign.
Source: The Guardian
A cybercriminal is selling sensitive engineering data allegedly stolen from Tampa-based Pickett USA, demanding $585,000 in cryptocurrency. The 139GB dataset contains operational information from three major utilities: Tampa Electric Company, Duke Energy Florida, and American Electric Power.
Discovered in January 2026, the breach exposed 892 files including LiDAR point cloud data, high-resolution photos, and design files covering active transmission lines and substations. Security experts warn this "Extended Enterprise" attack highlights how utility companies remain vulnerable through their vendors' weaker security controls.
The incident raises serious concerns about critical infrastructure security, as the stolen data could be used for infrastructure analysis and risk assessment by malicious actors.
Source: Industrial Cyber
Attackers are actively exploiting a critical zero-day vulnerability (CVE-2026-0625) in discontinued D-Link DSL gateway routers, most of which stopped receiving security updates over five years ago. The flaw, with a CVSS score of 9.3, allows remote attackers to execute arbitrary commands through the router's DNS configuration system without authentication.
VulnCheck discovered the vulnerability on December 16, 2025, after spotting active exploitation in production environments. D-Link is still investigating which specific models are affected, promising to release a detailed list this week. The company recommends organizations immediately replace these end-of-life devices with currently supported models.
This highlights ongoing risks of using obsolete networking equipment that no longer receives security patches.
Source: Dark Reading
Google released an urgent Chrome update to patch a high-severity vulnerability in the WebView component that could let hackers bypass security restrictions. The flaw, tracked as CVE-2026-0628, affects Chrome versions 143.0.7499.192/.193 for Windows and Mac, plus 143.0.7499.192 for Linux.
WebView allows apps to display web content without opening a full browser, making this vulnerability particularly dangerous. Attackers could potentially gain unauthorized access, steal data, or execute malicious code in affected applications.
Google is withholding detailed bug information until most users update their browsers. Users should immediately check for updates through Settings > Help > About Google Chrome to protect themselves.
Source: Cybersecurity News