A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear…
IT Security News Hourly Summary 2025-10-06 15h : 14 posts
14 posts were published in the last hour 13:3 : Hackers Allegedly Breach Huawei Technologies, Leak Source Code and Internal Tools 13:3 : Zero Trust Access Made Simple for Contractors 13:3 : Zabbix Agent and Agent 2 for Windows Vulnerability…
How Exposure Management Helped Three Companies Transform Their Cybersecurity Program
Part two of our Exposure Management Academy series on exposure management maturity explores how organizations like Drogaria Araujo, Tenable and Verizon have applied exposure management to strengthen their security postures. Key takeaways: Case studies of Drogaria Araujo, Tenable and Verizon…
New ‘Fully Undetectable’ Android RAT Discovered on GitHub
Hosted at the repository “Huckel789/Android-RAT,” this fully undetectable (FUD) RAT is designed to evade antivirus detection permanently, maintain persistence in battery-optimized environments, and deliver a feature-rich command-and-control (C2C) experience entirely from a web interface. This Android RAT sets itself apart…
Radiant Group won’t touch kids’ data now, but apparently hospitals are fair game
Ransomware crooks utterly fail to find moral compass First they targeted a preschool network, now new kids on the ransomware block Radiant Group say they’ve hit a hospital in the US, continuing their deplorable early cybercrime careers.… This article has…
Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk
The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. The post Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk appeared first on SecurityWeek. This article has…
Sora 2 Unveiled To Mixed Reviews
Emerging AI, Google Updates, and Falling Satellites: A Tech Rundown In this episode of hashtag Trending, host Jim Love discusses the latest developments in AI and tech. Open AI’s new app Sora 2 promises revolutionary video generation capabilities, but early…
Hackers Allegedly Breach Huawei Technologies, Leak Source Code and Internal Tools
Cybersecurity researchers are reporting an alleged security breach involving Chinese technology giant Huawei Technologies, with hackers claiming to have accessed and leaked sensitive source code and internal development tools. The incident, which surfaced through social media channels, represents a potentially significant…
Zero Trust Access Made Simple for Contractors
Third-party contractors are critical for many organizations. They bring specialized skills, help scale projects quickly, and support both short-term initiatives and long-term business needs. Yet contractors also introduce unique security and operational challenges. Whether it’s a quick project or a…
Zabbix Agent and Agent 2 for Windows Vulnerability Let Attackers Escalate Privileges
A critical security vulnerability has been discovered in Zabbix Agent and Agent 2 for Windows that allows attackers with local system access to escalate their privileges through DLL injection attacks. The flaw, tracked as CVE-2025-27237 with a CVSS score of…
Qantas Wins Injunction Before Data Leak
A new leak site, operated by Scattered LAPSUS$ Hunters, now threatens to publish data from 39 Salesforce customers by October 10. One of these The post Qantas Wins Injunction Before Data Leak first appeared on CyberMaterial. This article has been…
Abracadabra Hit by Third DeFi Hack
A DeFi project, Abracadabra, has been exploited, resulting in a loss of about $1.7 million. This is the third time the platform has been a victim of a security The post Abracadabra Hit by Third DeFi Hack first appeared on…
Extortion Group Launches Salesforce Data Leak
A new data leak site has been launched by a group of cybercriminals calling themselves Scattered Lapsus$ Hunters, which includes members The post Extortion Group Launches Salesforce Data Leak first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
Oracle Issues Security Alert
Oracle has issued a Security Alert concerning a critical vulnerability, CVE-2025-61882, found in Oracle E-Business Suite versions 12.2.3 through 12.2.14. The post Oracle Issues Security Alert first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original…
Discord Reveals Data Breach Incident
Hackers gained unauthorized access to a third-party customer service system used by Discord on September 20, leading to a data breach that affected The post Discord Reveals Data Breach Incident first appeared on CyberMaterial. This article has been indexed from…
Quick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882) [UPDATED[, (Mon, Oct 6th)
[Update: I added the server part delivering the payload] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Quick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882) [UPDATED[, (Mon, Oct…
Thieves steal IDs and payment info after data leaks from Discord support vendor
Outsourcing your helpdesk always seems like a good idea – until someone else’s breach becomes your problem Discord has confirmed customers’ data was stolen – but says the culprit wasn’t its own servers, just a compromised support vendor.… This article…
Scattered Lapsus$ Hunters Extorts Victims, Demands Salesforce Negotiate
The threat group Scattered Lapsus$ Hunters, which last month said it was shutting down operations, is back with a data leak site listing dozens of high-profile Salesforce customers and claiming to have stolen almost 1 billion data files. The group…
eBook: Defending Identity Security the Moment It’s Threatened
Credential-based attacks happen in seconds. Learn how to block weak or stolen passwords instantly, safeguard accounts in real time, and reduce helpdesk headaches with automated defense. Enzoic delivers lightweight APIs that: Block weak or compromised passwords at creation/reset Stop stolen…
5 Critical Questions For Adopting an AI Security Solution
In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure…
⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs,…
Zabbix Agent/Agent2 for Windows Vulnerability Could Allow Privilege Escalation
A security flaw in Zabbix Agent and Agent2 for Windows has been discovered that could allow a local attacker to gain higher system privileges. The issue, tracked as CVE-2025-27237, stems from the way the agent loads its OpenSSL configuration file.…
TamperedChef Malware Disguised as PDF Editor Hijacks Browser Credentials and Opens Backdoors
A sophisticated malware campaign dubbed TamperedChef has successfully compromised European organizations by masquerading as a legitimate PDF editor application, according to new research from WithSecure’s Strategic Threat Intelligence & Research Group (STINGR). The campaign demonstrates how threat actors can leverage…
Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)
The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), “to steal large amounts of data from several victim[s] in August 2025,” Charles Carmakal, CTO at Mandiant – Google Cloud, stated on Sunday. “Clop…