In late September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a public alert regarding the active exploitation of a critical command injection vulnerability tracked as CVE-2025-59689 in Libraesva Email Security Gateway (ESG) devices. This flaw has rapidly emerged…
USENIX 2025: PEPR ’25 – Unlocking Cross-Organizational Insights: Practical MPC for Cloud-Based Data Analytics
Creator, Author and Presenter: Daniele Romanini, Resolve Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s’ YouTube channel. Permalink The post USENIX 2025: PEPR ’25 – Unlocking Cross-Organizational Insights: Practical MPC for…
Google bolts AI into Drive to catch ransomware, but crooks not shaking yet
Stopping the spread isn’t the same as stopping attacks, period Google on Tuesday rolled out a new AI tool in Drive for desktop that it says will pause syncing to limit ransomware damage, but it won’t stop attacks outright.… This…
OpenSSL Release Announcement for 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd and 1.0.2zm
Release Announcement for OpenSSL Library 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd and 1.0.2zm The OpenSSL Project team announces the release of new versions of our open-source toolkit for SSL/TLS. This article has been indexed from Blog on OpenSSL Library Read…
IT Security News Hourly Summary 2025-09-30 21h : 4 posts
4 posts were published in the last hour 19:3 : Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years 19:3 : Tile’s Privacy Failures Leave Trackers Wide Open to Stalking 18:32 : Tesla Patches TCU Bug Allowing Root…
Cybersecurity Starts With You: Lessons From Phishing, Ransomware, and Real-World Mistakes
This Cybersecurity Awareness Month, see how real-world phishing and ransomware attacks reveal why every employee plays a role in protection. The post Cybersecurity Starts With You: Lessons From Phishing, Ransomware, and Real-World Mistakes appeared first on eSecurity Planet. This article…
Ted Cruz blocks bill that would extend privacy protections to all Americans
The Texas senator blocked a bill that would have prevented data brokers from collecting and selling personal data on anyone in the United States, and not just federal lawmakers and government officials. This article has been indexed from Security News…
How SOC Teams Detect Can Detect Cyber Threats Quickly Using Threat Intelligence Feeds
Security Operations Centers (SOCs) protect organizations’ digital assets from ongoing cyber threats. To assess their effectiveness, SOCs use key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and False Positive Rate (FPR). Although these metrics are often seen…
APT35 Hackers Attacking Government, Military Organizations to Steal Login Credentials
In recent months, a surge in targeted intrusions attributed to the Iranian-aligned threat group APT35 has set off alarm bells across government and military networks worldwide. First detected in early 2025, the campaign leverages custom-built malware to infiltrate secure perimeters…
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. “We built a simple, $50 interposer that sits quietly…
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Cybersecurity researchers at Palo Alto Networks’ Unit 42 say Chinese APT Phantom Taurus breached Microsoft Exchange servers for years using a backdoor to spy on diplomats and defense data. This article has been indexed from Hackread – Latest Cybersecurity, Hacking…
Tile’s Privacy Failures Leave Trackers Wide Open to Stalking
Researchers have found that Tile trackers broadcast unencrypted data, leaving users vulnerable to stalking and raising significant privacy concerns. The post Tile’s Privacy Failures Leave Trackers Wide Open to Stalking appeared first on eSecurity Planet. This article has been indexed…
Tesla Patches TCU Bug Allowing Root Access Through USB Port
Tesla patches a TCU bug that let attackers gain root via USB, highlighting risks in connected vehicle security. The post Tesla Patches TCU Bug Allowing Root Access Through USB Port appeared first on eSecurity Planet. This article has been indexed…
LLM07: System Prompt Leakage – FireTail Blog
Sep 30, 2025 – Lina Romero – In 2025, AI is everywhere, and so are AI vulnerabilities. OWASP’s Top Ten Risks for LLMs provides developers and security researchers with a comprehensive resource for breaking down the most common risks to…
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. “Phantom Taurus’ main focus areas include ministries of foreign…
IT Security News Hourly Summary 2025-09-30 18h : 12 posts
12 posts were published in the last hour 16:4 : Smishing Campaigns Exploit Cellular Routers to Target Belgium 16:4 : Canadian airline WestJet says some customer data stolen in June cyberattack 15:32 : “user=admin”. Sometimes you don’t even need to…
Hack of US Surveillance Provider RemoteCOM Exposes Court Data
A massive data breach at RemoteCOM exposed 14,000 personal files and police contacts from the SCOUT software. Learn what this aggressive spyware records, and the high risks for all involved parties. This article has been indexed from Hackread – Latest…
MegaSys Enterprises Telenium Online Web Application
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Megasys Enterprises Equipment: Telenium Online Web Application Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject…
Festo Controller CECC-S,-LK,-D Family Firmware
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: Controller CECC-S,-LK,-D Family Firmware Vulnerabilities: Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties,…
OpenPLC_V3
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Low attack complexity Vendor: OpenPLC_V3 Equipment: OpenPLC_V3 Vulnerability: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of service, making the…
Festo CPX-CEC-C1 and CPX-CMXX
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: CPX-CEC-C1 and CPX-CMXX Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated, remote access to critical webpage functions…
Festo SBRD-Q/SBOC-Q/SBOI-Q
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: SBRD-Q/SBOC-Q/SBOI-Q Vulnerabilities: Incorrect Conversion between Numeric Types, Out-of-bounds Read, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow the attacker to…
Japan’s beer-making giant Asahi stops production after cyberattack
A day after one of Japan’s biggest brewers, Asahi Group, announced it suspended production due to a cyberattack, the company said it has no timeline for its recovery. This article has been indexed from Security News | TechCrunch Read the…
Tile trackers plagued by weak security, researchers warn
Researchers found several security problems in Life360’s Tile trackers, most of which could be solved with encryption. This article has been indexed from Malwarebytes Read the original article: Tile trackers plagued by weak security, researchers warn