A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security firm Wiz,…
Category: EN
Tata Motors Breach Exposed 70TB of Sensitive Data Before Fix
Security researcher Eaton Zveare discovered that two sets of Amazon Web Services keys were left exposed across Tata Motors’ online platforms. The post Tata Motors Breach Exposed 70TB of Sensitive Data Before Fix appeared first on TechRepublic. This article has…
Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited
Microsoft has patched a critical race condition vulnerability in its Windows Cloud Files Minifilter driver, known as CVE-2025-55680, which enables local attackers to escalate privileges and create arbitrary files across the system. Discovered by researchers at Exodus Intelligence in March…
Dentsu has Disclosed that its U.S.-based Subsidiary Merkle Suffers Cyberattack
Global advertising and marketing giant Dentsu has confirmed that its U.S.-based subsidiary Merkle experienced a cyberattack, prompting immediate incident response measures and system shutdowns to contain the breach. The company detected abnormal activity within Merkle’s network infrastructure, which led to…
Canada Warns of Hackers Breached ICS Devices Controlling Water and Energy Facilities
Canadian authorities have issued an urgent alert following multiple confirmed incidents where cybercriminals compromised internet-accessible Industrial Control Systems (ICS) devices protecting critical infrastructure across the nation. The Canadian Centre for Cyber Security and the Royal Canadian Mounted Police report that…
New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers
A sophisticated privilege escalation vulnerability in Windows SMB servers, leveraging Ghost Service Principal Names (SPNs) and Kerberos authentication reflection to achieve remote SYSTEM-level access. Microsoft designated this as CVE-2025-58726, an “SMB Server Elevation of Privilege” flaw impacting all Windows versions…
PolarEdge Botnet Infected 25,000+ Devices and 140 C2 Servers Exploiting IoT Vulnerabilities
A sophisticated botnet campaign has compromised more than 25,000 IoT devices across 40 countries while establishing 140 command-and-control servers to facilitate cybercrime operations. The PolarEdge botnet, first disclosed in February 2025, exploits vulnerable IoT and edge devices to construct an…
France jacks into the Matrix for state messaging – and pays too
Governments eye comms alternatives as sovereignty worries mount Comment Decentralized communications network Matrix is hoping to be the beneficiary as European public and private sector organizations ponder alternatives to the messaging status quo.… This article has been indexed from The…
Dynamic binary instrumentation (DBI) with DynamoRio
Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. This article has been indexed from Cisco Talos Blog Read the original article: Dynamic binary instrumentation…
New Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB Privileges
Microsoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs) combined with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines, even when previous Kerberos mitigations are in place.…
Deepfake-as-a-Service 2025 – How Voice Cloning and Synthetic Media Fraud Are Changing Enterprise Defenses
Deepfake-as-a-Service 2025. How voice cloning and synthetic media fraud hit enterprises, with case studies, detection tactics, and CISO actions. This article has been indexed from Darknet – Hacking Tools, Hacker News & Cyber Security Read the original article: Deepfake-as-a-Service 2025…
Former US Defense Contractor Executive Admits to Selling Exploits to Russia
Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker. The post Former US Defense Contractor Executive Admits to Selling Exploits to Russia appeared first on SecurityWeek. This article has been indexed…
Defense Contractor Boss Pleads Guilty to Selling Zero-Day Exploits to Russia
The former general manager of defense contractor Trenchant has admitted selling zero-days to Russian broker This article has been indexed from www.infosecurity-magazine.com Read the original article: Defense Contractor Boss Pleads Guilty to Selling Zero-Day Exploits to Russia
US Telco Services Firm Reports Nation-State Hack
Hack on Ribbon Communications was in place for almost a year, recalling previous long-term cyber-espionage campaigns This article has been indexed from Silicon UK Read the original article: US Telco Services Firm Reports Nation-State Hack
Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed
Dentsu said its U.S. unit Merkle was hit by a cyberattack exposing staff and client data, forcing some systems offline to mitigate the security breach. Japanese multinational advertising and public relations company Dentsu, one of the largest marketing agencies in…
Impenetrable Security for Non-Human Identities
The Strategic Importance of Non-Human Identities in Cybersecurity Have you ever considered how critical Non-Human Identities (NHIs) are to the security architecture of numerous sectors? With the increasing reliance on automated systems and cloud-based environments, NHIs have become pivotal in…
Free Your Organization from Identity Threats
Are Machine Identities the Key to Freeing Your Organization from Threats? When considering ways to protect organizations from emerging cybersecurity threats, one often-overlooked element is the management of Non-Human Identities (NHIs). With more organizations migrate to the cloud, the importance…
Amazon Brings ‘Rainier’ Data Centre Project Online
First phase of Amazon’s Project Rainier data centre cluster comes online to train and run Anthropic Claude AI models, using custom chips This article has been indexed from Silicon UK Read the original article: Amazon Brings ‘Rainier’ Data Centre Project…
New Malware Infects WooCommerce Sites Through Fake Plugins to Steal Credit Card Data
A sophisticated malware campaign is actively targeting WordPress e-commerce websites using the WooCommerce plugin, according to recent findings from the Wordfence Threat Intelligence Team. The malware campaign, which employs advanced evasion techniques and multi-layered attack strategies, disguises itself as a…
Privilege Escalation Exploit Targets Windows Cloud Files Minifilter
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern for systems utilising OneDrive and similar cloud…