“Ownership” is one of the harder concepts to define in the modern enterprise. This feels deceptive because, from a personal and human level, ownership is a rather straightforward concept. When you own something as a person, like your car or…
AI-Enabled Influence Operation Against Iran
Citizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel. Key Findings A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer…
Troops and veterans’ personal information leaked in CPAP Medical data breach
The leak exposed the names, Social Security numbers, and health details of more than 90,000 military patients, troops, veterans, and their families. This article has been indexed from Malwarebytes Read the original article: Troops and veterans’ personal information leaked in…
Filigran Raises $58 Million in Series C Funding
The company plans to expand to new markets, fuel the development of a new module for its platform, and accelerate AI integration. The post Filigran Raises $58 Million in Series C Funding appeared first on SecurityWeek. This article has been…
IT Security News Hourly Summary 2025-10-07 12h : 13 posts
13 posts were published in the last hour 10:3 : Too salty to handle: Exposing cases of CSS abuse for hidden text salting 10:3 : Supreme Court Rejects Google Bid To Halt App Store Changes 10:2 : Hackers Exploit Legitimate…
Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations
BIETA and its subsidiary CIII research develop and sell technologies supporting China’s intelligence, counterintelligence, and military operations. The post Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations appeared first on SecurityWeek. This article has been indexed…
Understanding Eye Vein Biometrics
Explore eye vein biometrics for authentication. Learn about its technology, security, development aspects, and how it compares to passwordless authentication methods. The post Understanding Eye Vein Biometrics appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
Spike in Login Portal Scans Puts Palo Alto Networks on Alert
The Palo Alto Networks login portals have seen a dramatic surge in suspicious scanning activity over the past month, a development that has caught the attention of the cybersecurity community. Evidence suggests that threat actors are trying to coordinate…
Fake SIM Cards Fuel Cybercrime Surge as Eastern Uttar Pradesh Emerges Under Scrutiny
A quiet digital crisis is spreading across India. In the past three months, the Department of Telecommunications (DoT) has disconnected more than 6.1 million mobile numbers after uncovering large-scale fraudulent registrations. Investigators say eastern Uttar Pradesh has become a…
New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. This article has been…
CrowdStrike Alerts on Oracle E-Business Suite 0-Day Under Mass Exploitation
A novel zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited in a large-scale data exfiltration campaign, with CrowdStrike Intelligence attributing primary involvement to the GRACEFUL SPIDER threat group and warning that public proof-of-concept details will spur further…
13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An…
Too salty to handle: Exposing cases of CSS abuse for hidden text salting
A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models. This…
Supreme Court Rejects Google Bid To Halt App Store Changes
US Supreme Court rejects emergency request by Google to halt court-ordered changes to app store rules designed to increase competition This article has been indexed from Silicon UK Read the original article: Supreme Court Rejects Google Bid To Halt App…
Hackers Exploit Legitimate Commands to Breach Databases
In recent years, adversaries have abandoned traditional malware in favor of “living-off-the-land” operations against cloud and SaaS environments. Rather than deploying custom ransomware binaries, many threat actors now exploit misconfigured database services—leveraging only built-in commands to steal, destroy, or encrypt…
Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials
Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for the exposure of sensitive credentials. The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user…
GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware
A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet…
Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
NCSC: Patch Critical Oracle EBS Bug Now
A critical Oracle E-Business Suite vulnerability is being actively exploited by the Clop ransomware group This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC: Patch Critical Oracle EBS Bug Now
AMD To Supply OpenAI With Data Centre Chips
AMD shares surge on multi-year deal to sell 6 gigawatts’ worth of advanced AI chips to power OpenAI data centres This article has been indexed from Silicon UK Read the original article: AMD To Supply OpenAI With Data Centre Chips
Qualcomm Faces £480m Fight In London Court
Which? alleges Qualcomm used market power to overcharge Apple, Samsung, says those who bought handsets due for payout in London legal fight This article has been indexed from Silicon UK Read the original article: Qualcomm Faces £480m Fight In London…
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also…
Britain eyes satellite laser warning system and carrier-launched jet drones
Space sensors and UAVs at sea top MoD’s list in new wave of cutting-edge projects The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a…
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization…