Security researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution on client systems. Tracked as CVE-2025-61984, the vulnerability arises from inadequate filtering of control characters in usernames when expanding the…
Discord warns users after data stolen in third-party breach
The stolen data includes names, emails, limited billing information, and some government-ID images. This article has been indexed from Malwarebytes Read the original article: Discord warns users after data stolen in third-party breach
UK Home Office opens wallet for £60M automated number plate project
Department eyes new app to tap national ANPR data for live alerts, searches, and integrations The UK’s Home Office is inviting tech suppliers to take part in a £60 million “market engagement” for an application that uses data from automated…
Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
The Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices. The post The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem,…
Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
A critical GoAnywhere vulnerability is being exploited by the Medusa ransomware group, says Microsoft This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
Chinese Firm Submerges Data Centre To Reduce Power
China’s Highlander set to deploy data centre off coast of Shanghai this month in effort to slash power required for cooling This article has been indexed from Silicon UK Read the original article: Chinese Firm Submerges Data Centre To Reduce…
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.…
CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks
CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025. The vulnerability affects the Microsoft Windows Common Log File System (CLFS) Driver and poses significant…
Credential stuffing: £2.31 million fine shows passwords are still the weakest link
How recycled passwords and poor security habits are fueling a cybercrime gold rush Partner Content If you’re still using “password123” for more than one account, there’s a good chance you’ve already exposed yourself to credential stuffing attacks — one of…
IT Security News Hourly Summary 2025-10-07 09h : 4 posts
4 posts were published in the last hour 7:2 : GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware 7:2 : Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances 6:32 : Mustang Panda Adopts New DLL Side-Loading…
AI Takes Lion’s Share Of 2025 Venture Capital
This year is on track to be first in which more than half of all venture-capital deals go to AI firms, finds PitchBook This article has been indexed from Silicon UK Read the original article: AI Takes Lion’s Share Of…
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this flaw resides in the Common Log File System (CLFS) driver. Attackers who gain local access…
The Evolving Role of the CSO: From Technical Guardian to Business Strategist
Discover how today’s CSOs are transforming from technical guardians into strategic business leaders driving revenue, growth, and customer trust. The post The Evolving Role of the CSO: From Technical Guardian to Business Strategist appeared first on Security Boulevard. This article…
Survey Sees AI Becoming Top Cybersecurity Investment Priority
AI tops cybersecurity investments for 2025 as organizations leverage threat detection, AI agents, and behavioral analysis to close skills gaps and boost defense. The post Survey Sees AI Becoming Top Cybersecurity Investment Priority appeared first on Security Boulevard. This article…
Asahi Partially Restarts Breweries After Attack
Asahi partially resumes production of Super Dry beer, other drinks, food products to follow as company recovers from cyber-attack This article has been indexed from Silicon UK Read the original article: Asahi Partially Restarts Breweries After Attack
Government Issues New Order To Access Apple UK User Data
UK government issues new order to Apple to create backdoor allowing access to encrypted UK user data, after first effort raised US hackles This article has been indexed from Silicon UK Read the original article: Government Issues New Order To…
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and Microsoft IE flaws…
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day Vulnerability in the Wild
Oracle has issued an emergency security alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite after the notorious Cl0p ransomware group began extorting customers who failed to patch their systems. The vulnerability, carrying a maximum CVSS score of…
OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code – PoC Released
A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim’s machine. The vulnerability is a bypass of a previous fix for a similar issue…
Unity vulnerability, Oracle zero-day patched, Discord user info exposed
Unity vulnerability puts popular games at risk Oracle zero-day exploit patched Third-party breach claims Discord user info Huge thanks to our sponsor, ThreatLocker Cybercriminals don’t knock — they sneak in through the cracks other tools miss. That’s why organizations are…
Businesses fear AI is exposing them to more attacks
More than half of companies have already faced AI-powered phishing attacks, a new survey finds. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Businesses fear AI is exposing them to more attacks
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
A critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tracked…
Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances
The hacker collective styling itself “Scattered Lapsus$ Hunters”—an alliance echoing elements of ShinyHunters, Scattered Spider, and Lapsus$—has launched an extortionware portal to pressure victims into paying for delisting and purported deletion of stolen data. The group’s leverage centers on Salesforce…