A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet…
Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
NCSC: Patch Critical Oracle EBS Bug Now
A critical Oracle E-Business Suite vulnerability is being actively exploited by the Clop ransomware group This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC: Patch Critical Oracle EBS Bug Now
AMD To Supply OpenAI With Data Centre Chips
AMD shares surge on multi-year deal to sell 6 gigawatts’ worth of advanced AI chips to power OpenAI data centres This article has been indexed from Silicon UK Read the original article: AMD To Supply OpenAI With Data Centre Chips
Qualcomm Faces £480m Fight In London Court
Which? alleges Qualcomm used market power to overcharge Apple, Samsung, says those who bought handsets due for payout in London legal fight This article has been indexed from Silicon UK Read the original article: Qualcomm Faces £480m Fight In London…
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also…
Britain eyes satellite laser warning system and carrier-launched jet drones
Space sensors and UAVs at sea top MoD’s list in new wave of cutting-edge projects The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a…
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization…
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An…
OpenSSH ProxyCommand Flaw Allows Remote Code Execution – PoC Released
Security researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution on client systems. Tracked as CVE-2025-61984, the vulnerability arises from inadequate filtering of control characters in usernames when expanding the…
Discord warns users after data stolen in third-party breach
The stolen data includes names, emails, limited billing information, and some government-ID images. This article has been indexed from Malwarebytes Read the original article: Discord warns users after data stolen in third-party breach
UK Home Office opens wallet for £60M automated number plate project
Department eyes new app to tap national ANPR data for live alerts, searches, and integrations The UK’s Home Office is inviting tech suppliers to take part in a £60 million “market engagement” for an application that uses data from automated…
Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
The Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices. The post The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem,…
Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
A critical GoAnywhere vulnerability is being exploited by the Medusa ransomware group, says Microsoft This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
Chinese Firm Submerges Data Centre To Reduce Power
China’s Highlander set to deploy data centre off coast of Shanghai this month in effort to slash power required for cooling This article has been indexed from Silicon UK Read the original article: Chinese Firm Submerges Data Centre To Reduce…
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.…
CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks
CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025. The vulnerability affects the Microsoft Windows Common Log File System (CLFS) Driver and poses significant…
Credential stuffing: £2.31 million fine shows passwords are still the weakest link
How recycled passwords and poor security habits are fueling a cybercrime gold rush Partner Content If you’re still using “password123” for more than one account, there’s a good chance you’ve already exposed yourself to credential stuffing attacks — one of…
IT Security News Hourly Summary 2025-10-07 09h : 4 posts
4 posts were published in the last hour 7:2 : GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware 7:2 : Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances 6:32 : Mustang Panda Adopts New DLL Side-Loading…
AI Takes Lion’s Share Of 2025 Venture Capital
This year is on track to be first in which more than half of all venture-capital deals go to AI firms, finds PitchBook This article has been indexed from Silicon UK Read the original article: AI Takes Lion’s Share Of…
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this flaw resides in the Common Log File System (CLFS) driver. Attackers who gain local access…
The Evolving Role of the CSO: From Technical Guardian to Business Strategist
Discover how today’s CSOs are transforming from technical guardians into strategic business leaders driving revenue, growth, and customer trust. The post The Evolving Role of the CSO: From Technical Guardian to Business Strategist appeared first on Security Boulevard. This article…
Survey Sees AI Becoming Top Cybersecurity Investment Priority
AI tops cybersecurity investments for 2025 as organizations leverage threat detection, AI agents, and behavioral analysis to close skills gaps and boost defense. The post Survey Sees AI Becoming Top Cybersecurity Investment Priority appeared first on Security Boulevard. This article…