Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation…
Category: EN
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated…
Chinese Hackers Use Geo-Mapping Tool for Year-Long Persistence
The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor—an attack so unique it prompted the vendor to update its documentation. The attackers repurposed a legitimate Java…
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam
The U.S. government has seized about $15 billion worth of Bitcoin connected to what prosecutors call one of the largest cryptocurrency fraud and human trafficking operations ever uncovered. Federal prosecutors in Brooklyn have charged Chen Zhi, also known as “Vincent,”…
Corelight unveils AWS Flow Monitoring to eliminate cloud blind spots
Corelight launched Flow Monitoring for AWS environments, expanding network visibility across cloud and on-premises ecosystems through comprehensive analysis of flow data. This new capability addresses critical challenges facing security operations (SOC) teams by delivering visibility across AWS Virtual Private Cloud…
Legacy Windows protocols expose theft, Fortra admits GoAnywhere defect, Taiwan claims surge in Chinese attacks
Legacy Windows protocols still expose theft Fortra admits exploitation of GoAnywhere defect Taiwan claims surge in Chinese attack efforts Huge thanks to our sponsor, Vanta What’s your 2 AM security worry? Is it “Do I have the right controls…
Government Warns Businesses As Major Cyber-Attacks Surge
Government tells business chiefs to have pen-and-paper backup plans readily accessible as nationally significant cyber-attacks double This article has been indexed from Silicon UK Read the original article: Government Warns Businesses As Major Cyber-Attacks Surge
Cybersecurity Habits That Changed My Family
Small habits like pausing before clicks and using MFA can protect families. Learn how awareness creates safer digital lives. The post Cybersecurity Habits That Changed My Family appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code
Google has rolled out an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems. The patch is included in version 141.0.7390.107 for Linux and 141.0.7390.107/.108 for…
Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
Microsoft has patched a critical flaw in its Remote Desktop Client that could allow attackers to execute malicious code on victims’ systems. Disclosed on October 14, 2025, as CVE-2025-58718, the vulnerability stems from a use-after-free error, earning an “Important” severity…
Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely
Veeam Software has disclosed three serious security flaws in its Backup & Replication suite and Agent for Microsoft Windows, which enable remote code execution and privilege escalation, potentially compromising enterprise backup infrastructures. These vulnerabilities, patched in recent updates, primarily affect…
End of Support for Windows 10 Sparks Security Fears Among Millions of Users
Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance, feature updates, and security patches for one of the most widely…
A Look at AI: Black Hat 2025 Revealed Concerns & Spotlighted Opportunities
At Black Hat 2025, AI dominated the spotlight—showcasing new cybersecurity innovations, NHI risks, and the urgent need for identity-aware AI security. The post A Look at AI: Black Hat 2025 Revealed Concerns & Spotlighted Opportunities appeared first on Security Boulevard.…
A safer way to break industrial systems (on purpose)
Cybersecurity teams often struggle to test defenses for industrial control systems without risking disruption. A group of researchers from Curtin University has developed a way to make that easier. Their work introduces a container-based framework that lets researchers and practitioners…
New Jscrambler AI Assistant accelerates PCI DSS compliance decisions
Jscrambler announced the AI Assistant for PCI DSS script authorization workflows, which delivers context-rich insights and expert recommendations to enable prompt and confident script authorization decisions and justifications. PCI DSS v4 requirements 6.4.3 and 11.6.1 mandate the inventorying, authorizing, and…
Bitsight Brand Intelligence uses AI to detect and takedown impersonation attacks
Bitsight released Bitsight Brand Intelligence, a new module in its cyber threat intelligence application, to empower security and risk teams to detect, triage, and take down brand and executive threats across social media and the open, deep, and dark web.…
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of…
Clipboard Pictures Exfiltration in Python Infostealer, (Wed, Oct 15th)
For a while, clipboard content has been monitored by many infostealers. Purposes can be multiple, like simply searching and exfiltrating juicy data or on-the-fly modification like crypto-wallet swapping[1]. Note that the clipboard is a major risk when you don't disable…
Hackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing Attacks
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited system access to escalate their privileges to the…
Pixnapping Attack Hijacks Google Authenticator 2FA Codes in Under 30 Seconds
Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile applications in under 30 seconds. Pixnapping leverages fundamental features of Android’s graphics rendering system to create…