Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read sensitive files without logging in. Once they grab the machine key, they can trigger a…
ClayRat Android Malware Masquerades as WhatsApp & Google Photos
ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples and 50 distinct droppers. Primarily targeting Russian users, the malware masquerades as popular applications such…
RondoDox Botnet targets 56 flaws across 30+ device types worldwide
RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June. Trend Micro researchers reported that the RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs,…
Pro-Russia Hacktivists “Claim” Attack on Water Utility Honeypot
Forescout said that the TwoNet actor was lured into attacking a honeypot disguised as a water treatment utility, providing insights into the group’s tactics This article has been indexed from www.infosecurity-magazine.com Read the original article: Pro-Russia Hacktivists “Claim” Attack on…
IT Security News Hourly Summary 2025-10-10 09h : 7 posts
7 posts were published in the last hour 7:4 : Hackers Steal 70,000 Official ID Photos From Discord 7:4 : Hackers Exploit Microsoft Employee Accounts in Salary Theft Scheme 7:4 : Authorities Dismantle BreachForums’ Reemerged Clearnet Marketplace 7:4 : 7-Zip…
BYD Opens Brazil EV Factory Amidst Controversy
Chinese new-energy carmaker BYD inaugurates its biggest EV plant outside of Asia amidst economic, human rights controversies This article has been indexed from Silicon UK Read the original article: BYD Opens Brazil EV Factory Amidst Controversy
Google Warns of CL0P Ransomware Group Actively Exploiting Oracle E-Business Suite Zero-Day
The cybersecurity landscape faces a new and significant threat as the notorious CL0P ransomware group has launched a large-scale extortion campaign targeting Oracle E-Business Suite (EBS) environments. Starting September 29, 2025, security researchers began tracking a sophisticated operation where threat…
Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks
Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations. The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
US Regulator Probes Tesla Over ‘Full Self-Driving’ Safety Violations
Latest Tesla probe focuses on cars equipped with FSD that drove through red lights or on wrong side of road, causing crashes This article has been indexed from Silicon UK Read the original article: US Regulator Probes Tesla Over ‘Full…
Snake Keylogger Uses Weaponized Emails and PowerShell to Steal Sensitive Data
A newly observed information‐stealing campaign is deploying a stealthy variant of the SnakeKeylogger malware via weaponized e-mails that masquerade as legitimate remittance advice from CPA Global and Clarivate. Researchers first identified the infection vector on October 7, 2025, when recipients…
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle’s E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. “We’re…
Microsoft Azure outage, law firm cyberattack, Russian hacktivists pwned
Azure outage blocks access to Microsoft 365 services and admin portals Major U.S. law firm suffers cyberattack Hacktivists aiming for critical infrastructure get pwned Huge thanks to our sponsor, ThreatLocker Imagine having the power to decide exactly what runs in…
Hackers Steal 70,000 Official ID Photos From Discord
Discord acknowledges theft of 70,000 official government ID photos from third-party service providing age-verification services This article has been indexed from Silicon UK Read the original article: Hackers Steal 70,000 Official ID Photos From Discord
Hackers Exploit Microsoft Employee Accounts in Salary Theft Scheme
Microsoft Threat Intelligence is sounding the alarm on a surge of sophisticated “payroll pirate” attacks, in which financially motivated adversaries hijack employee accounts to reroute salary payments to attacker-controlled bank accounts. In the first half of 2025, Storm-2657 launched a…
Authorities Dismantle BreachForums’ Reemerged Clearnet Marketplace
In a coordinated effort, international law enforcement agencies seized the clearnet domain breachforums[.]hn, shutting down yet another incarnation of the notorious cybercrime marketplace BreachForums. The domain now displays a joint seizure notice from the U.S. Department of Justice (DOJ) and…
7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Two high-severity vulnerabilities have been discovered in the popular open-source file archiver, 7-Zip, which could allow remote attackers to execute arbitrary code. Identified as CVE-2025-11001 and CVE-2025-11002, the flaws affect all versions of the software prior to the latest release…
Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain
International law enforcement agencies have seized the latest clearnet domain of the notorious cybercrime marketplace, BreachForums. The domain, breachforums[.]hn, now displays a seizure notice from the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), alongside French…
October 2025 Patch Tuesday forecast: The end of a decade with Microsoft
A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes the end of Office…
From theory to training: Lessons in making NICE usable
SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and…
Google Issues Alert on CL0P Ransomware Actively Exploiting Oracle E-Business Suite Zero-Day
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, Google Threat Intelligence Group (GTIG) and…
Credit Card Payment Terminal Exploited for Remote Access
A security researcher has uncovered a significant vulnerability in a widely used payment terminal that could enable attackers to gain full control of the device in under a minute. The affected model, the Worldline Yomani XR, is found in grocery…
Securing agentic AI with intent-based permissions
When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems…
KFC Venezuela Suffers Alleged Data Breach Exposing 1 Million Customer Records
A threat actor is claiming responsibility for a data breach at KFC’s Venezuela operations, offering for sale a database containing the personal and order information of more than one million customers. The sale was advertised on a dark web forum…
How to Prepare for a Cloud Security Audit in Multi-Cloud and Hybrid Networks
Here is the easiest explanation! Cloud security audit are formal evaluations of an organization’s cloud environments to verify that security controls meet industry standards and regulatory requirements. As businesses are increasingly adopting multi-cloud and hybrid architectures, security audits have grown…