IT Security News Daily Summary 2025-10-07

150 posts were published in the last hour

• 21:3 : Mic-E-Mouse: When Your Gaming Mouse Becomes a Microphone
• 21:2 : CISA Alerts to Active Attacks on Critical Windows Vulnerability
• 21:2 : GoAnywhere Zero-Day Exploited to Deliver Medusa Ransomware
• 20:32 : Top 10 Best Digital Risk Protection (DRP) Platforms in 2025
• 20:32 : GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns
• 20:32 : Employees regularly paste company secrets into ChatGPT
• 20:5 : IT Security News Hourly Summary 2025-10-07 21h : 7 posts
• 20:2 : Discord Data Breach Exposes User IDs, Billing Info, and Photo IDs
• 20:2 : Data Breach at Doctors Imaging Group Exposes Sensitive Patient Information
• 19:32 : Google Introduces AI-Powered Ransomware Detection in Drive for Desktop
• 18:32 : CodeMender AI Agent Automated Code Security And Vulnerability Patching
• 18:32 : BK Technologies Data Breach – Hackers Compromise IT Systems and Exfiltrate Data
• 18:32 : Why Threat Prioritization Is the Key SOC Performance Driver
• 18:32 : Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware
• 18:32 : #RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
• 18:32 : Disrupting threats targeting Microsoft Teams
• 18:32 : BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers
• 18:2 : 13-Year-Old RediShell Vulnerability Puts 60,000 Redis Servers at Risk
• 18:2 : Identity security tool sprawl: Origins and the way forward
• 17:32 : AI Inference Hardware Decisions: When to Choose CPUs vs. GPUs
• 17:32 : Why Incomplete Documentation Is a Security Vulnerability in SaaS
• 17:32 : ICE bought vehicles equipped with fake cell towers to spy on phones
• 17:32 : Another Critical RCE Discovered in a Popular MCP Server
• 17:32 : Qilin Ransomware Gang Claims Asahi Cyber-Attack
• 17:5 : IT Security News Hourly Summary 2025-10-07 18h : 10 posts
• 17:3 : New AWS whitepaper: Security Overview of Amazon EKS Auto Mode
• 16:32 : Exploit Against FreePBX (CVE-2025-57819) with code execution., (Tue, Oct 7th)
• 16:32 : Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin
• 16:32 : Delta Electronics DIAScreen
• 16:32 : North Korean hackers stole over $2 billion in crypto so far in 2025, researchers say
• 16:32 : Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds
• 16:32 : Nearly a year after attack, US medical scanning biz gets clear image of stolen patient data
• 16:32 : New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security
• 16:3 : Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
• 16:3 : Police and military radio maker BK Technologies cops to cyber break-in
• 16:3 : OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance
• 16:3 : Commvault Adds Ability to Recover Iceberg Data Lake Tables
• 16:2 : Social Event App Partiful Did Not Collect GPS Locations from Photos
• 16:2 : Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
• 16:2 : Qilin Claims Ransomware Attack on Mecklenburg Schools
• 16:2 : Public disclosures of AI risk surge among S&P 500 companies
• 15:32 : Physicists just built a quantum lie detector. It works
• 15:32 : Cyber Awareness Month: Cloud and Application Security Best Practices
• 15:2 : Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation
• 14:32 : Security bug in India’s income tax portal exposed taxpayers’ sensitive data
• 14:32 : Jaguar Land Rover: Production Halted Post-Hack
• 14:32 : Volvo NA Employee Data Exposed in Miljödata Ransomware Attack
• 14:32 : Government Operations in Chaos After South Korea Data Centre Fire
• 14:5 : IT Security News Hourly Summary 2025-10-07 15h : 12 posts
• 14:3 : Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass – PoC Released
• 14:3 : Threat Actors Behind WARMCOOKIE Malware Added New Features to It’s Arsenal
• 14:2 : CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day
• 14:2 : Researchers Reversed Asgard Malware Protector to Uncover it’s Antivirus Bypass Techniques
• 14:2 : Beyond Chatbots: Why Agent Security Is the Industry’s Next Major Challenge
• 14:2 : INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity”
• 14:2 : Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844)
• 13:33 : Hackers Stole Data From Public Safety Comms Firm BK Technologies
• 13:32 : CMMC and NIST Password Compliance 101: Are They Different?
• 13:32 : Announcing SonarQube MCP Server
• 13:3 : Security in AI Era: Protecting AI Workloads with Google Cloud
• 13:3 : CISA Alerts on Oracle E-Business Suite 0-Day Actively Exploited for Ransomware Attacks
• 13:3 : Edge device security: The frontline of your network
• 13:2 : Barracuda Research centralizes AI-driven threat intelligence and incident analysis
• 13:2 : Threat Actors Claim Huawei Breach
• 13:2 : Red Hat Data Breach Escalates Further
• 13:2 : Steam And Microsoft Warn Of Unity Flaw
• 13:2 : Rhadamanthys Stealer Evolves Again
• 13:2 : XWorm 6.0 Returns With New Plugins
• 12:32 : Kibana CrowdStrike Connector Flaw Exposes Sensitive Credentials
• 12:32 : Cybersecurity M&A Roundup: 40 Deals Announced in September 2025
• 12:32 : Discord Reveals Data Breach Following Third-Party Compromise
• 12:3 : From Ransom to Revenue Loss
• 12:3 : Red Hat Breach Exposes 5000+ High Profile Enterprise Customers at Risk
• 12:2 : Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)
• 12:2 : OPSWAT’s MetaDefender Drive delivers portable, network-free threat scanning
• 12:2 : XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
• 12:2 : New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise
• 11:32 : Cavalry Werewolf APT Targets Russian Organizations Using FoalShell and Telegram C2
• 11:32 : Red Hat Breach Impacts 5,000+ High-Value Enterprise Customers, Data at Risk
• 11:32 : Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT
• 11:32 : AI-Enabled Influence Operation Against Iran
• 11:32 : Troops and veterans’ personal information leaked in CPAP Medical data breach
• 11:32 : Filigran Raises $58 Million in Series C Funding
• 11:5 : IT Security News Hourly Summary 2025-10-07 12h : 13 posts
• 11:3 : Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations
• 11:3 : Understanding Eye Vein Biometrics
• 11:3 : Spike in Login Portal Scans Puts Palo Alto Networks on Alert
• 11:3 : Fake SIM Cards Fuel Cybercrime Surge as Eastern Uttar Pradesh Emerges Under Scrutiny
• 10:32 : New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
• 10:32 : CrowdStrike Alerts on Oracle E-Business Suite 0-Day Under Mass Exploitation
• 10:32 : 13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
• 10:3 : Too salty to handle: Exposing cases of CSS abuse for hidden text salting
• 10:3 : Supreme Court Rejects Google Bid To Halt App Store Changes
• 10:2 : Hackers Exploit Legitimate Commands to Breach Databases
• 10:2 : Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials
• 10:2 : GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware
• 10:2 : Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
• 10:2 : NCSC: Patch Critical Oracle EBS Bug Now
• 9:32 : AMD To Supply OpenAI With Data Centre Chips
• 9:32 : Qualcomm Faces £480m Fight In London Court
• 9:32 : CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
• 9:32 : Britain eyes satellite laser warning system and carrier-launched jet drones
• 9:32 : Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
• 9:32 : 13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
• 9:3 : OpenSSH ProxyCommand Flaw Allows Remote Code Execution – PoC Released
• 9:3 : Discord warns users after data stolen in third-party breach
• 9:3 : UK Home Office opens wallet for £60M automated number plate project
• 9:3 : Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
• 9:3 : The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
• 9:3 : Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
• 8:33 : Chinese Firm Submerges Data Centre To Reduce Power
• 8:33 : CVEs Targeting Remote Access Technologies in 2025
• 8:33 : CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks
• 8:33 : Credential stuffing: £2.31 million fine shows passwords are still the weakest link
• 8:5 : IT Security News Hourly Summary 2025-10-07 09h : 4 posts
• 8:2 : AI Takes Lion’s Share Of 2025 Venture Capital
• 8:2 : CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
• 8:2 : The Evolving Role of the CSO: From Technical Guardian to Business Strategist
• 8:2 : Survey Sees AI Becoming Top Cybersecurity Investment Priority
• 7:32 : Asahi Partially Restarts Breweries After Attack
• 7:32 : Government Issues New Order To Access Apple UK User Data
• 7:32 : U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
• 7:32 : Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day Vulnerability in the Wild
• 7:32 : OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code – PoC Released
• 7:32 : Unity vulnerability, Oracle zero-day patched, Discord user info exposed
• 7:32 : Businesses fear AI is exposing them to more attacks
• 7:2 : GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
• 7:2 : Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances
• 6:32 : Mustang Panda Adopts New DLL Side-Loading Method to Deploy Malware
• 6:32 : Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day
• 6:2 : NCSC Issues Alert on Active Exploitation of Oracle E-Business Suite 0-Day Vulnerability
• 6:2 : Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks
• 5:32 : 13-Year-Old Redis RCE Flaw Lets Attackers Seize Complete Host Control
• 5:32 : The architecture of lies: Bot farms are running the disinformation war
• 5:32 : How to get better results from bug bounty programs without wasting money
• 5:5 : IT Security News Hourly Summary 2025-10-07 06h : 2 posts
• 5:2 : Huntress Partners with Sherweb in First Global Distribution Deal to Expand MSP Cybersecurity Reach
• 5:2 : Cybersecurity’s next test: AI, quantum, and geopolitics
• 4:32 : Cybersecurity jobs available right now: October 7, 2025
• 4:2 : 2025-10-06: Japanese phishing emails
• 3:32 : 13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System
• 3:2 : 2025-10-02: Android malware
• 2:5 : IT Security News Hourly Summary 2025-10-07 03h : 1 posts
• 2:2 : ISC Stormcast For Tuesday, October 7th, 2025 https://isc.sans.edu/podcastdetail/9644, (Tue, Oct 7th)
• 1:3 : Adpost – 3,339,512 breached accounts
• 23:5 : IT Security News Hourly Summary 2025-10-07 00h : 3 posts
• 23:2 : TDL 006 | Beyond the Firewall: How Attackers Weaponize Your DNS
• 22:55 : IT Security News Daily Summary 2025-10-06
• 22:32 : Inside Microsoft Threat Intelligence: Calm in the chaos
• 22:2 : Cl0p Ransomware Group Exploited in a Zero-Day in Oracle EBS Attacks