Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations
BIETA and its subsidiary CIII research, develop, and sell technologies supporting China’s intelligence, counterintelligence, and military operations. The post Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations appeared first on SecurityWeek. This article has been indexed…
Understanding Eye Vein Biometrics
Explore eye vein biometrics for authentication. Learn about its technology, security, development aspects, and how it compares to passwordless authentication methods. The post Understanding Eye Vein Biometrics appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
Spike in Login Portal Scans Puts Palo Alto Networks on Alert
The Palo Alto Networks login portals have seen a dramatic surge in suspicious scanning activity over the past month, a development that has caught the attention of the cybersecurity community. Evidence suggests that threat actors are trying to coordinate…
Fake SIM Cards Fuel Cybercrime Surge as Eastern Uttar Pradesh Emerges Under Scrutiny
A quiet digital crisis is spreading across India. In the past three months, the Department of Telecommunications (DoT) has disconnected more than 6.1 million mobile numbers after uncovering large-scale fraudulent registrations. Investigators say eastern Uttar Pradesh has become a…
New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. This article has been…
CrowdStrike Alerts on Oracle E-Business Suite 0-Day Under Mass Exploitation
A novel zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited in a large-scale data exfiltration campaign, with CrowdStrike Intelligence attributing primary involvement to the GRACEFUL SPIDER threat group and warning that public proof-of-concept details will spur further…
13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An…
Too salty to handle: Exposing cases of CSS abuse for hidden text salting
A simple yet effective tactic, known as hidden text salting, has been increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models. This…
Supreme Court Rejects Google Bid To Halt App Store Changes
US Supreme Court rejects emergency request by Google to halt court-ordered changes to app store rules designed to increase competition. This article has been indexed from Silicon UK. Read the original article: Supreme Court Rejects Google Bid To Halt App…
Hackers Exploit Legitimate Commands to Breach Databases
In recent years, adversaries have abandoned traditional malware in favor of “living-off-the-land” operations against cloud and SaaS environments. Rather than deploying custom ransomware binaries, many threat actors now exploit misconfigured database services—leveraging only built-in commands to steal, destroy, or encrypt…
Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials
Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for the exposure of sensitive credentials. The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user…
GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware
A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet…
Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
NCSC: Patch Critical Oracle EBS Bug Now
A critical Oracle E-Business Suite vulnerability is being actively exploited by the Clop ransomware group. This article has been indexed from www.infosecurity-magazine.com. Read the original article: NCSC: Patch Critical Oracle EBS Bug Now
AMD To Supply OpenAI With Data Centre Chips
AMD shares surge on multi-year deal to sell 6 gigawatts’ worth of advanced AI chips to power OpenAI data centres. This article has been indexed from Silicon UK. Read the original article: AMD To Supply OpenAI With Data Centre Chips
Qualcomm Faces £480m Fight In London Court
Which? alleges Qualcomm used market power to overcharge Apple, Samsung, says those who bought handsets due for payout in London legal fight. This article has been indexed from Silicon UK. Read the original article: Qualcomm Faces £480m Fight In London…
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also…
Britain eyes satellite laser warning system and carrier-launched jet drones
Space sensors and UAVs at sea top MoD’s list in new wave of cutting-edge projects. The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a…
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization…
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An…
OpenSSH ProxyCommand Flaw Allows Remote Code Execution – PoC Released
Security researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution on client systems. Tracked as CVE-2025-61984, the vulnerability arises from inadequate filtering of control characters in usernames when expanding the…
Discord warns users after data stolen in third-party breach
The stolen data includes names, emails, limited billing information, and some government-ID images. This article has been indexed from Malwarebytes. Read the original article: Discord warns users after data stolen in third-party breach
UK Home Office opens wallet for £60M automated number plate project
Department eyes new app to tap national ANPR data for live alerts, searches, and integrations. The UK’s Home Office is inviting tech suppliers to take part in a £60 million “market engagement” for an application that uses data from automated…