Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle’s E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. “We’re…
Microsoft Azure outage, law firm cyberattack, Russian hacktivists pwned
Azure outage blocks access to Microsoft 365 services and admin portals. Major U.S. law firm suffers cyberattack. Hacktivists aiming for critical infrastructure get pwned.
Hackers Steal 70,000 Official ID Photos From Discord
Discord acknowledges theft of 70,000 official government ID photos from third-party service providing age-verification services. This article has been indexed from Silicon UK.
Hackers Exploit Microsoft Employee Accounts in Salary Theft Scheme
Microsoft Threat Intelligence is sounding the alarm on a surge of sophisticated “payroll pirate” attacks, in which financially motivated adversaries hijack employee accounts to reroute salary payments to attacker-controlled bank accounts. In the first half of 2025, Storm-2657 launched a…
Authorities Dismantle BreachForums’ Reemerged Clearnet Marketplace
In a coordinated effort, international law enforcement agencies seized the clearnet domain breachforums[.]hn, shutting down yet another incarnation of the notorious cybercrime marketplace BreachForums. The domain now displays a joint seizure notice from the U.S. Department of Justice (DOJ) and…
7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Two high-severity vulnerabilities have been discovered in the popular open-source file archiver, 7-Zip, which could allow remote attackers to execute arbitrary code. Identified as CVE-2025-11001 and CVE-2025-11002, the flaws affect all versions of the software prior to the latest release…
Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain
International law enforcement agencies have seized the latest clearnet domain of the notorious cybercrime marketplace, BreachForums. The domain, breachforums[.]hn, now displays a seizure notice from the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), alongside French…
October 2025 Patch Tuesday forecast: The end of a decade with Microsoft
A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes the end of Office…
From theory to training: Lessons in making NICE usable
SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and…
Google Issues Alert on CL0P Ransomware Actively Exploiting Oracle E-Business Suite Zero-Day
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, Google Threat Intelligence Group (GTIG) and…
Credit Card Payment Terminal Exploited for Remote Access
A security researcher has uncovered a significant vulnerability in a widely used payment terminal that could enable attackers to gain full control of the device in under a minute. The affected model, the Worldline Yomani XR, is found in grocery…
Securing agentic AI with intent-based permissions
When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems…
KFC Venezuela Suffers Alleged Data Breach Exposing 1 Million Customer Records
A threat actor is claiming responsibility for a data breach at KFC’s Venezuela operations, offering for sale a database containing the personal and order information of more than one million customers. The sale was advertised on a dark web forum…
How to Prepare for a Cloud Security Audit in Multi-Cloud and Hybrid Networks
Here is the easiest explanation! Cloud security audits are formal evaluations of an organization’s cloud environments to verify that security controls meet industry standards and regulatory requirements. As businesses are increasingly adopting multi-cloud and hybrid architectures, security audits have grown…
Nagios: Open-source monitoring solution
Nagios is an open-source monitoring solution, now included as part of the robust Nagios Core Services Platform (CSP). It delivers end-to-end visibility across the entire IT infrastructure, covering everything from websites and DNS to servers, routers, switches, workstations, and critical…
Teenage Ransomware Arrest In Day Care Ransom
Cybersecurity Today: Teenage Ransomware Arrests, GoAnywhere Critical Flaw, and Google AI Vulnerability. In this episode of Cybersecurity Today, hosted by Jim Love, two teenagers were arrested in London for a ransomware attack on Kiddo International preschools, involving child data extortion.…
7-Zip Vulnerabilities Allowing Remote Code Execution
Two critical vulnerabilities in 7-Zip’s handling of ZIP archives have emerged, enabling remote attackers to execute arbitrary code by exploiting directory traversal flaws. Both issues stem from improper processing of symbolic links within ZIP files, allowing crafted archives to force…
Your SOC is tired, AI isn’t
Security teams have discussed AI in the SOC for years, but solid evidence of its impact has been limited. A recent benchmark study by Dropzone puts measurable evidence behind the idea, showing that AI agents can help analysts work faster…
New infosec products of the week: October 10, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Object First, OPSWAT, Radiflow, and Semperis. OPSWAT’s MetaDefender Drive delivers portable, network-free threat scanning. Purpose-built for critical infrastructure, MetaDefender Drive with Smart Touch is a…