A sophisticated attack campaign dubbed “Operation Zero Disco,” where threat actors are actively exploiting a critical Cisco Simple Network Management Protocol (SNMP) vulnerability to install Linux rootkits on vulnerable network devices. Trend Micro observed an operation exploiting CVE-2025-20352, which allows…
Category: EN
GhostBat RAT Android Malware With Fake RTO Apps Steals Targeting Indian Users to Steal Banking Data
The GhostBat RAT campaign has emerged as a sophisticated threat targeting Indian Android users through counterfeit Regional Transport Office (RTO) applications. First observed in mid-2025, these malicious APKs masquerade as the official “mParivahan” app, exploiting user trust in government services.…
F5 Breached – Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities Data
F5, a leading provider of application security and delivery solutions, disclosed a major security incident. The company revealed that a sophisticated nation-state threat actor had gained long-term access to internal systems, exfiltrating sensitive files including BIG-IP source code and details…
Hackers Registered 13,000+ Unique Domains and Leverages Cloudflare to Launch Clickfix Attacks
In mid-2025, Lab539 researchers observed an unexpected surge in a novel browser-based malware campaign dubbed “ClickFix.” Emerging quietly in July, the threat quickly expanded its reach by registering over 13,000 unique domains designed to lure users into executing malicious commands…
F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data
F5 shared few details on the threat actor, but the attack profile seems to point to China. The post F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Patch Tuesday Update – October 2025
In total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 196 CVEs, including 21 republished CVEs. Overall, Microsoft announced 3 Zero-Day, 17 Critical, and 164 Important vulnerabilities. From an Impact perspective, Escalation of Privilege vulnerabilities accounted for 46%,…
Hackers Breach F5 and Stole BIG-IP Source Code and Undisclosed Vulnerability Data
F5 Networks confirmed that a sophisticated nation-state threat actor infiltrated its systems, exfiltrating proprietary BIG-IP source code and confidential vulnerability information. The incident, which began in August 2025, targeted F5’s product development and engineering knowledge platforms, prompting an immediate response…
Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer data
The company, which provides cybersecurity defenses to most of the Fortune 500, said the DOJ allowed it to delay notifying the public on national security grounds. This article has been indexed from Security News | TechCrunch Read the original article:…
Scammers are still sending us their fake Robinhood security alerts
Fake alerts claim your Robinhood account is at risk. The link leads to a convincing copy of the site—but it’s built to steal your login. This article has been indexed from Malwarebytes Read the original article: Scammers are still sending…
Devs are writing VS Code extensions that blab secrets by the bucketload
Vibe coding may have played a role in what took researchers months to fix Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked with Microsoft to combat an issue that could…
F5 data breach: “Nation-state attackers” stole BIG-IP source code, vulnerability info
US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security products, the company confirmed today. BIG-IP vulnerabilities are often leveraged by…
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. “A leaked VSCode Marketplace…
Flaw in Slider Revolution Plugin Exposed 4m WordPress Sites
A flaw in the Slider Revolution plugin has exposed millions of WordPress sites to unauthorized file access This article has been indexed from www.infosecurity-magazine.com Read the original article: Flaw in Slider Revolution Plugin Exposed 4m WordPress Sites
Foundation Business Advisory Committee election
Believe it or not, it’s time to start the election process for the 2026 Foundation Business Advisory Committee (FBAC). Advisory committees play a critical role in the governance of the OpenSSL Foundation. This committee focuses on the strategic direction of…
200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass
About 200K Linux systems from Framework shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. Firmware security company Eclypsium warns that about 200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable…
The Growing Threat of Ignoring Personal Cybersecurity
Today, in the age of digitization, cybersecurity is no longer a luxury; quite the contrary, it is both a necessity and a must. The confidence of consumers and businesses alike… The post The Growing Threat of Ignoring Personal Cybersecurity appeared…
CISA’s latest cuts reignite concerns among Democratic lawmakers
A congressman on a key subcommittee suggests that shrinking CISA leaves Americans exposed to mounting cyber threats. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: CISA’s latest cuts reignite concerns among Democratic lawmakers
What is a cloud access security broker (CASB)?
<p>A cloud access security broker (CASB) is a software tool or service that sits between an organization’s on-premises <a href=”https://www.techtarget.com/searchdatacenter/definition/infrastructure”>infrastructure</a> and a <a href=”https://www.techtarget.com/searchitchannel/definition/cloud-service-provider-cloud-provider”>cloud provider’s</a> infrastructure. A CASB tool provides a unified and consistent method of delivering cloud security for…
F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data
F5 has not shared too much information on the threat actor, but the attack profile seems to point to China. The post F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data appeared first on SecurityWeek. This article…
Qilin Ransomware Gang Claims Cyberattack on Japanese Beer Giant Asahi
The Qilin ransomware group has claimed responsibility for the recent cyberattack on Japanese brewing giant Asahi, adding the company’s name to its dark web data leak site. The cybercriminals alleged that they had stolen over 9,300 files amounting to…