Fuji Electric has released patches and Japan’s JPCERT has informed organizations about the vulnerabilities. The post Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data
The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake ‘payment lures’ and urgent security alerts to trick victims into calling a fraudulent…
Qilin Ransomware Leverages Ghost Bulletproof Hosting for Global Attacks
Qilin ransomware–an increasingly prolific ransomware-as-a-service (RaaS) operation–has intensified its global extortion campaigns by exploiting a covert network of bulletproof hosting (BPH) providers. These rogue hosting services, often headquartered in secrecy-friendly jurisdictions and operated through labyrinthine shell-company structures, allow Qilin’s operators…
Cryptocurrency ATMs
CNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money. The fees are usurious, and they’re a common place for scammers to send victims to buy cryptocurrency for them. The companies behind…
Critical Apache ActiveMQ Vulnerability Let Attackers Execute Arbitrary Code
The Apache Software Foundation has disclosed a critical vulnerability in its ActiveMQ NMS AMQP Client that could allow attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2025-54539, this deserialization flaw poses a serious risk to applications relying on…
New nightMARE Python Library to Analyze Malware and Extract Intelligence Indicators
Since its public debut in October 2025, nightmare has quickly become a vital tool for malware analysts seeking to streamline static and dynamic analysis workflows. Developed by Elastic Security Labs, nightmare brings together mature open-source reverse engineering components under a…
Capita To pay £14 Million For Data Breach Exposes 6.6 Million Users Personal Data
The UK’s Information Commissioner’s Office (ICO) has imposed a £14 million fine on outsourcing giant Capita following a major cyber attack in 2023 that exposed the personal data of 6.6 million individuals. This penalty, split as £8 million to Capita…
Tech industry grad hiring crashes 46% as bots do junior work
GenAI meets Gen Z – only one gets the job ai-pocalypse The UK tech sector is cutting graduate jobs dramatically – down 46 percent in the past year, with another 53 percent drop projected, according to figures from the Institute…
Cisco Routers Hacked for Rootkit Deployment
Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices. The post Cisco Routers Hacked for Rootkit Deployment appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Beware the Hidden Costs of Pen Testing
Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results. The benefits of pen…
IT Security News Hourly Summary 2025-10-16 12h : 11 posts
11 posts were published in the last hour 10:3 : Inside Sekoia.io Hackathon 2025 – Innovating together for customer satisfaction 10:3 : Laura Faria: Empathy on the front lines 10:3 : BeaverTail and OtterCookie evolve with a new Javascript module…
Mysterious Elephant APT Breach: Hackers Infiltrate Organization to Steal Sensitive Data
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, active since early 2025, rely on custom-built…
Capita Fined £14 Million After Data Breach Exposes 6.6 Million Users
The UK’s Information Commissioner’s Office has imposed a £14 million penalty on Capita following a major cyber attack in March 2023 that exposed the personal information of 6.6 million people. The fine was split between Capita plc, which received £8…
Critical Samba Flaw Allows Remote Attackers to Execute Arbitrary Code
A newly disclosed vulnerability in Samba’s WINS server hook script enables unauthenticated attackers to run arbitrary commands on affected domain controllers. This critical flaw, tracked as CVE-2025-10230, carries a maximum CVSSv3.1 score of 10.0, reflecting its ease of exploitation and…
Roku accused of selling children’s data to advertisers and brokers
Florida claims Roku ignored clear signs its users were minors, collecting and selling viewing habits, voice recordings and precise locations. This article has been indexed from Malwarebytes Read the original article: Roku accused of selling children’s data to advertisers and…
Mango discloses data breach at third-party provider
The fashion retailer says a breach at a marketing partner exposed limited contact details—but no financial data or passwords. This article has been indexed from Malwarebytes Read the original article: Mango discloses data breach at third-party provider
US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin
The U.S. government has seized more than $14 billion in bitcoin and charged the founder of a Cambodian conglomerate in a massive cryptocurrency scam, accusing him and unnamed co-conspirators of exploiting forced labor to dupe would-be investors and using the…
Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client connects…
Inside Sekoia.io Hackathon 2025 – Innovating together for customer satisfaction
Last month, the Sekoia.io Tech & Product teams decamped in southern Brittany for our 2025 internal Hackathon. Over three intense days, seven self-organized squads took on one mission: deliver measurable, customer-centric enhancements to the AI-SOC platform. From faster page loads…
Laura Faria: Empathy on the front lines
Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments — including high-stakes situations impacting critical infrastructure. This article has been indexed from…
BeaverTail and OtterCookie evolve with a new Javascript module
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). This article has been indexed from Cisco Talos Blog Read the original article: BeaverTail and OtterCookie evolve with a new Javascript…
CISA Alerts on Adobe Experience Manager Flaw Exploited for Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager Forms vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in the wild. The security issue, tracked as CVE-2025-54253, affects…
Windows BitLocker Flaws Allow Attackers to Bypass Encryption Protection
Two newly disclosed vulnerabilities in Microsoft’s BitLocker drive encryption feature could allow attackers to bypass encryption safeguards on Windows systems. Tracked as CVE-2025-55333 and CVE-2025-55338, these flaws involve incomplete comparison logic and configuration weaknesses that may let a local, low-privileged…
New Phishing Technique Targets Users via Basic Auth URLs
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique—Basic Authentication URL formatting—to visually impersonate the bank and deceive customers. This discovery prompted a broader review of phishing activity…