SimonMed Imaging has confirmed that an external hacking incident compromised the personal data of 1,275,669 patients, making it one of the largest healthcare breaches of the year. The breach, which occurred on January 21, 2025, but was not discovered until…
Unverified COTS hardware enables persistent attacks in small satellites via SpyChain
SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA’s NOS3 simulator. The rise of small satellites has transformed scientific, commercial, and defense operations. Using commercial off-the-shelf (COTS) parts makes them cheaper…
Rethinking Microsoft Security: Why Identity is Your First Line of Defense
Identity is the new security perimeter. Defend Microsoft Entra ID and Microsoft 365 from evolving identity-based cyberattacks. The post Rethinking Microsoft Security: Why Identity is Your First Line of Defense appeared first on Security Boulevard. This article has been indexed…
Trade Fracas Fuels Biggest-Ever Crypto Crash
Drop in crypto prices last Friday, fuelled by trade war between US and China, was ‘largest liquidation event in crypto history’ This article has been indexed from Silicon UK Read the original article: Trade Fracas Fuels Biggest-Ever Crypto Crash
North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification
In a sprawling network of covert remote labor, more than 10,000 North Korean IT professionals have infiltrated global technology and freelance marketplaces by exploiting VPNs, virtual private servers (VPS), and so-called “laptop farms” to conceal their true origins. State-backed cyber…
UK: NCSC Reports 130% Spike in “Nationally Significant” Cyber Incidents
The UK cybersecurity agency reported 204 cyber incidents of “national significance” between September 2024 and August 2025 – an all-time high This article has been indexed from www.infosecurity-magazine.com Read the original article: UK: NCSC Reports 130% Spike in “Nationally Significant”…
Grindr Owners Launch Talks To Take Company Private
Majority owners of Grindr reportedly discussing taking dating app private after stock slump squeezes personal finances This article has been indexed from Silicon UK Read the original article: Grindr Owners Launch Talks To Take Company Private
Silicon UK In Focus Podcast: Speed to Customer
Discover how enterprises use predictive analytics and real-time data to anticipate customer needs, balance privacy, and deliver faster, smarter CX. This article has been indexed from Silicon UK Read the original article: Silicon UK In Focus Podcast: Speed to Customer
PoC Released for Sudo chroot Flaw Allowing Local Privilege Escalation
A new proof-of-concept (PoC) exploit has been published for a critical flaw in the widely used sudo utility. This vulnerability enables any local user to escape a chroot jail and execute commands with root privileges. Organizations relying on sudo are urged to audit and…
Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS Score of 7.5), in E-Business Suite’s Runtime UI component…
Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands
Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 under advisory ESA-2025-21, the flaw stems from improper neutralization of…
New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463 targets the chroot feature in Sudo versions 1.9.14 through 1.9.17, enabling…
IT Security News Hourly Summary 2025-10-14 09h : 9 posts
9 posts were published in the last hour 7:2 : Netherlands Takes Control Of China-Owned Nexperia 7:2 : Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution 7:2 : EU biometric border system launches, suffers teeting problems 7:2 :…
OpenAI, Broadcom To Build AI Data Centres With Custom Chips
OpenAI, Broadcom to build 10 gigawatts of AI data centre infrastructure with custom chips, in challenge to Nvidia This article has been indexed from Silicon UK Read the original article: OpenAI, Broadcom To Build AI Data Centres With Custom Chips
Threat Actors Exploit ScreenConnect to Gain Unauthorized Remote Access
A recent surge in threat actors leveraging remote management and monitoring (RMM) tools for initial access has intensified scrutiny of platforms once reserved for legitimate IT administration. While AnyDesk has waned in popularity among adversaries due to improved detection, ConnectWise…
The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts
With the end of Windows 10 support approaching, we discuss which forensic artifacts in Windows 11 may be of interest. This article has been indexed from Securelist Read the original article: The king is dead, long live the king! Windows…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way to post messages to channels in…
Defrosting PolarEdge’s Backdoor
This post was originally distributed as a private FLINT report to our customers on 15 July 2025. Introduction In early 2025, we published a blogpost reporting on a botnet we dubbed PolarEdge, first detected in January 2025, when our honeypots…
Apple Brings iPhone Air To China
iPhone Air comes to China next week as all three major telecoms operators receive regulatory approval for eSIM services This article has been indexed from Silicon UK Read the original article: Apple Brings iPhone Air To China
Beyond VDI: Security Patterns for BYOD and Contractors in 2025
Remote work is no longer a contingency – it’s the operating norm. Yet the security posture for that work often leans on virtual desktops as a default, even when the workforce is dominated by bring‑your‑own‑device (BYOD) users and short‑term contractors.…
Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack
Luxembourg, Luxembourg, 14th October 2025, CyberNewsWire This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack
Salesforce data leak, SimonMed breach, Chipmaker vs. Dutch government
Millions of records exposed in Salesforce data leak SimonMed breach grows from hundreds to over a million Dutch government freezes Chinese-owned chipmaker Huge thanks to our sponsor, Vanta What’s your 2 AM security worry? Is it “Do I have…
Netherlands Takes Control Of China-Owned Nexperia
Dutch government seizes control of Chinese-owned chip manufacturer Nexperia to ensure critical car chips remain available in an emergency This article has been indexed from Silicon UK Read the original article: Netherlands Takes Control Of China-Owned Nexperia
Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
Ivanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of in-the-wild exploitation, Ivanti urges customers…