A massive escalation in attacks targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with over 2,200 unique IP addresses conducting reconnaissance operations as of October 7, 2025. This represents a significant surge from the initial 1,300 IPs observed just days…
Category: EN
CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks
CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), designated as CVE-2025-27915. This vulnerability has been actively exploited in attacks and poses significant risks to organizations using the popular email…
Met Police Arrest Two Teens in Connection with Kido Attack
Two 17-year-olds have been arrested following a cyber-attack on the Kido nursery group This article has been indexed from www.infosecurity-magazine.com Read the original article: Met Police Arrest Two Teens in Connection with Kido Attack
Polymorphic Python Malware, (Wed, Oct 8th)
Today, I spoted on VirusTotal an interesting Python RAT. They are tons of them but this one attracted my attention based on some function names present in the code: self_modifying_wrapper(), decrypt_and_execute() and polymorph_code(). A polymorphic malware is a type of…
Top 10 Best Brand Protection Solutions for Enterprises in 2025
Brand protection has become a necessity for enterprises in 2025, with increasing risks of counterfeiting, phishing, domain abuse, fake social media accounts, and digital piracy. Businesses today must not only defend their intellectual property but also safeguard their digital presence…
Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching
Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks. The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
CyberArk unveils new capabilities to reduce risk across human and machine identities
CyberArk announced new discovery and context capabilities across its Machine Identity Security portfolio. The enhancements enable security teams to find, understand and secure machine identities, spanning certificates, keys, secrets, workloads and more, reducing risk and simplifying compliance at scale. Machine identities…
Netskope UZTNA adds policy control by device posture, risk, and role
Netskope has enhanced its Universal Zero Trust Network Access (UZTNA) solution. Comprised of Netskope One Private Access and Netskope Device Intelligence, Netskope’s UZTNA solution extends beyond the core use case of delivering fast, consistent, secure access to remote and local…
Radiflow360 unifies OT risk, compliance, and response
Radiflow has launched the new Radiflow360, a unified, AI-enhanced OT cybersecurity platform that delivers visibility, risk management and streamlined incident response for mid-sized industrial enterprises. Radiflow360 now enables mid-sized industrial operators to gain visibility and control over their OT networks…
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine…
North Korean attackers steal crypto. Who’s sending UK phones to China? Avnet confirms data breach
North Korean hackers steal more than $2B in crypto Group suspected of sending stolen UK phones to China Avnet confirms breach, says stolen data unreadable Huge thanks to our sponsor, ThreatLocker Imagine having the power to decide exactly what runs…
Does Facebook have a Dating AI assistant?
Yes, Facebook does have a dating AI assistant that helps users be more efficient when searching for matches on the company’s online dating service, Facebook… The post Does Facebook have a Dating AI assistant? appeared first on Panda Security Mediacenter.…
BYD’s EV Sales In UK Jump 880 Percent
UK becomes largest market outside China for world’s biggest EV maker BYD after it sees sales fuelled by low prices, lack of tariffs This article has been indexed from Silicon UK Read the original article: BYD’s EV Sales In UK…
FreePBX SQL Injection Vulnerability Leads to Database Tampering
A critical SQL injection vulnerability in FreePBX, designated as CVE-2025-57819, has been actively exploited by attackers to modify the database and achieve arbitrary code execution on vulnerable systems. The vulnerability affects the popular open-source PBX platform that provides a web-based administration…
CISA Alerts on Zimbra Collaboration Suite Zero-Day XSS Flaw Exploited in Ongoing Attacks
CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS). This vulnerability is already in use by attackers to hijack user sessions, steal data, and push malicious filters. Organizations running ZCS…
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of…
Crimson Collective Exploits AWS Services to Steal Sensitive Data
A newly identified threat group called Crimson Collective has emerged as a significant security concern for organizations using Amazon Web Services (AWS), employing sophisticated techniques to steal sensitive data and extort victims. The Crimson Collective demonstrates remarkable proficiency in exploiting AWS cloud…
Rethinking AI security architectures beyond Earth
If you think managing cloud security is complex, try doing it across hundreds of satellites orbiting the planet. Each one is a moving endpoint that must stay secure while communicating through long, delay-prone links. A new study explores how AI…
BK Technologies Data Breach, IT Systems Compromised, Data Stolen
BK Technologies Corporation, a Florida-based communications equipment manufacturer, disclosed a significant cybersecurity incident that compromised its IT systems and potentially exposed employee data. The company filed an SEC Form 8-K on October 6, 2025, revealing that attackers gained unauthorized access…
Mitigating AI’s new risk frontier: Unifying enterprise cybersecurity with AI safety
These are exciting times for AI. Enterprises are blending AI capabilities with enterprise data to deliver better outcomes for employees, customers, and partners. But as organizations weave AI deeper into their systems, that data and infrastructure also become more attractive…