A new offering named Rhadamanthys, a sophisticated information stealer, has surfaced for sale on underground marketplaces, with subscription packages starting at $299 and reaching up to $499 per month. Marked by its polished branding and tiered pricing structure, the malware…
Oracle Confirms Hackers Target E-Business Suite Data in Extortion Campaigns
Oracle has confirmed that a group of hackers stole data from its E-Business Suite (EBS) applications and is using the information in extortion campaigns. The company warns that these attackers exploited vulnerabilities already fixed in the July 2025 Critical Patch…
Oracle Confirms that Hackers Targeting E-Business Suite Data With Extortion Emails
Oracle Corporation has officially acknowledged that cybercriminals are targeting customers of its E-Business Suite (EBS) platform through sophisticated extortion campaigns. The company’s Chief Security Officer, Rob Duhart, confirmed that hackers have been exploiting previously identified vulnerabilities that were addressed in…
When loading a model means loading an attacker
You probably think twice before downloading a random app or opening an unfamiliar email attachment. But how often do you stop to consider what happens when your team downloads and loads a machine learning model? A recent study shows why…
Shutdown furloughs CISA, Defender BIOS bug, Motilily dealership cyberattack
Government shutdown furloughs most CISA staff Microsoft Defender bug triggers erroneous BIOS update alerts Motility RV software company suffers cyberattack Huge thanks to our sponsor, Nudge Security Here’s the thing: your employees are signing up for new apps, sharing data,…
What personal information does the Nintendo Switch 2 collect?
As we enter the festive season, Nintendo has stepped up its production, making it possible for consumers actually to find stock of the latest Nintendo… The post What personal information does the Nintendo Switch 2 collect? appeared first on Panda…
Red Hat Confirms GitLab Instance Hack, Data Theft
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services. The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Hundreds of Free VPN Apps Expose Android and iOS Users’ Personal Data
Virtual Private Networks (VPNs) are trusted by millions to protect privacy, secure communications, and enable remote access on their mobile devices. But what if the very apps designed to safeguard your data are riddled with dangerous security flaws that expose…
Signal Introduces Hybrid Post-Quantum Ratchet to Strengthen Security
Signal, the popular end-to-end encrypted messaging platform, has announced a groundbreaking advancement in cryptographic security with the introduction of the Sparse Post Quantum Ratchet (SPQR). This innovative protocol represents a significant leap forward in protecting user communications against emerging quantum…
Google warns of Cl0p extortion campaign against Oracle E-Business users
Google observed Cl0p ransomware group sending extortion emails to executives, claiming theft of Oracle E-Business Suite data. Google Mandiant and Google Threat Intelligence Group (GTIG) researchers are tracking a suspected Cl0p ransomware group’s activity, where threat actors attempt to extort…
Protegrity Developer Edition: Free containerized Python package to secure AI pipelines
Protegrity Developer Edition enables developers, data scientists, ML engineers, and security teams an easy way to add data protection into GenAI and unstructured data workflows, without the need for enterprise setup. Billed as the first enterprise-grade, governance-focused Python package, it…
Confucius Hacker Group Weaponizes Documents to Infect Windows Systems with AnonDoor Malware
The Confucius hacking group, a long-running cyber-espionage operation with suspected state-sponsored ties, has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware. The December 2024 campaign demonstrated…
PoC Released for VMware Workstation Guest-to-Host Escape Vulnerability
NCC Group detailed a VMware Workstation guest-to-host escape achievable from a compromised VM via a logic flaw in virtual device handling that permits memory corruption and controlled code execution on the host process. The write-up shows a practical exploitation path…
Microsoft Defender Bug Sparks Numerous False BIOS Security Alerts
Microsoft Defender for Endpoint users, particularly those with Dell devices, are experiencing a widespread issue with false Basic Input/Output System (BIOS) security alerts due to a critical software bug. The problem, which surfaced on October 2, 2025, has prompted Microsoft…
HomeRefill – 187,457 breached accounts
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth…
Red Hat Confirms Data Breach After Hackers Claim to Steal 570GB of Private GitHub Repositories
Red Hat, the world’s leading enterprise open-source software provider, has officially confirmed a significant security incident involving unauthorized access to its internal GitLab instance used by the Red Hat Consulting team. This confirmation comes after the threat actor group known…
Passkeys rise, but scams still hit hard in 2025
Americans are dealing with a growing wave of digital scams, and many are losing money in the process. According to the fourth annual Consumer Cyber Readiness Report, nearly half of U.S. adults have been targeted by cyberattacks or scams, and…
4 ways to use time to level up your security monitoring
SIEMs excel at correlating events and firing alerts, but their ingest pipelines can get overwhelmed when scaled. And because most SIEMs rely on general-purpose log storage platforms, even with lower-cost archive tiers, long-term retention at full fidelity remains expensive, forcing…
Over 40% of schools have already experienced AI-related cyber incidents
Keeper Security, the provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords and passkeys, privileged accounts, secrets and remote connections, today released a new research report named AI in Schools: Balancing Adoption with Risk. The study reveals…
Apple strengthens storage flexibility with new disk image formats
Apple’s release of macOS 26 Tahoe introduced a new disk image format and updated an older one, both of which are drawing attention from system testers and forensic examiners. Apple Sparse Image Format (ASIF) The Apple Sparse Image Format (ASIF)…
Cybersecurity Today: Red Hat Breach, CLOP Targets Oracle, and CISA Cuts Critical Support
Cybersecurity Today: Red Hat Breach, CLOP Targets Oracle, and CISA Cuts Critical Support In this episode of Cybersecurity Today, host Jim Love covers a recent breach of Red Hat’s consulting GitLab server, highlighting concerns over exposed network maps and tokens.…
IT Security News Hourly Summary 2025-10-03 06h : 1 posts
1 posts were published in the last hour 4:2 : New infosec products of the week: October 3, 2025
New Obex Tools Blocks Runtime Loading of EDR Dynamic Libraries
Obex, a newly released proof-of-concept utility by security researcher dis0rder0x00, demonstrates a simple but effective user-mode method to stop unwanted security and monitoring modules from loading into Windows processes. The tool launches a target process under debugger control and enforces…
AI hype hits a wall when the data doesn’t deliver
Companies are pouring money into AI for IT operations, but most projects are still far from maturity. A global survey of 1,200 business leaders, IT leaders, and technical specialists found that while spending and confidence are rising, only 12% of…