Gladinet vulnerability exploited in the wild

A vulnerability affecting Gladinet's CentreStack and Triofox products has been exploited in the wild, Huntress warns. CentreStack is a mobile access and secure sharing solution, while Triofox is a secure file access solution. Huntress earlier this year discovered exploitation of CVE-2025-30406, a hardcoded machine key issue affecting the products, and it has now detected exploitation of a new vulnerability, CVE-2025-11371, which allows unauthenticated local file inclusion. Gladinet is aware of the issue and is in the process of providing a workaround to customers until a patch is developed.
In a blog post, Redmond said a cybercrime crew it tracks as Storm-2657 has been targeting university employees since March 2025, hijacking salaries by breaking into HR software such as Workday. The attack is as audacious as it is simple: compromise HR and email accounts, quietly change payroll settings, and redirect pay packets into attacker-controlled bank accounts. Microsoft has dubbed the operation "payroll pirate," a nod to the way crooks plunder staff wages without touching the employer's systems directly.