A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in…
UK techies’ union warns members after breach exposes sensitive personal details
Prospect apologizes for cyber gaffe affecting up to 160K members UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.… This article has been indexed from The Register – Security Read…
ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities
The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges. The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ZDI…
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended…
Rishi Sunak Joins Anthropic, Microsoft As Paid Advisor
Former prime minister to work with Microsoft, AI start-up Anthropic as paid adviser while continuing to serve as Commons MP This article has been indexed from Silicon UK Read the original article: Rishi Sunak Joins Anthropic, Microsoft As Paid Advisor
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million. This article has been indexed from Security Latest…
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Grafana is an…
Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks
An active in-the-wild exploitation of a zero-day vulnerability in Gladinet CentreStack and Triofox products. Tracked as CVE-2025-11371, the unauthenticated Local File Inclusion (LFI) flaw allows attackers to achieve remote code execution (RCE) on affected systems. The vulnerability is currently unpatched,…
Microsoft Warns of Hackers Compromising Employee Accounts to Steal Salary Payments
A sophisticated financially motivated threat actor known as Storm-2657 has been orchestrating elaborate “payroll pirate” attacks targeting US universities and other organizations, Microsoft Threat Intelligence has revealed. These attacks represent a concerning evolution in cybercriminal tactics, where hackers compromise employee…
SnakeKeylogger via Weaponized E-mails Leverage PowerShell to Exfiltrate Sensitive Data
Emerging from a recent wave of targeted campaigns, SnakeKeylogger has surfaced as a potent infostealer that capitalizes on PowerShell and social engineering. The malware’s operators craft convincing spear-phishing e-mails under aliases such as “CPA-Payment Files,” impersonating reputable financial and research…
LLM-enabled MalTerminal Malware Leverages GPT-4 to Generate Ransomware Code
Cybersecurity researchers have identified what is believed to be the earliest known instance of malware that leverages a Large Language Model (LLM) to generate malicious code at runtime. Dubbed ‘MalTerminal’ by SentinelLABS, the malware uses OpenAI’s GPT-4 to dynamically create…
New Android Malware ClayRat Mimic as WhatsApp, Google Photos to Attack Users
A sophisticated Android spyware campaign dubbed ClayRat has emerged as one of the most concerning mobile threats of 2025, masquerading as popular applications including WhatsApp, Google Photos, TikTok, and YouTube to infiltrate devices and steal sensitive user data. The malware…
Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date
Apple has announced significant updates to its bug bounty program, including new categories and target flags. The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek. This article has been indexed…
OpenAI Tells EU Regulators Of Antitrust Concerns
OpenAI tells European Commission antitrust enforcers it is concerned Apple, Microsoft, Google could see them dominate AI landscape This article has been indexed from Silicon UK Read the original article: OpenAI Tells EU Regulators Of Antitrust Concerns
RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers
The RondoDox campaign’s “exploit shotgun” method leverages over 50 vulnerabilities across more than 30 vendors to infiltrate network devices, highlighting the urgent need for rapid patching and continuous monitoring. The first detected RondoDox intrusion on June 15, 2025, reused a…
North Korean Scammers Are Doing Architectural Design Now
New research shows that North Koreans appear to be trying to trick US companies into hiring them to develop architectural designs using fake profiles, résumés, and Social Security numbers. This article has been indexed from Security Latest Read the original…
Shadow AI: Agentic Access and the New Frontier of Data Risk
As autonomous AI agents spread across enterprise systems, a new risk emerges: Shadow AI. Learn why traditional controls fail and how to secure agentic AI. The post Shadow AI: Agentic Access and the New Frontier of Data Risk appeared first…
How Parents Can Train Their Children to Use AI Responsibly
In a world where artificial intelligence tools are becoming as common as smartphones, parents face a critical challenge: teaching children to interact with AI safely… The post How Parents Can Train Their Children to Use AI Responsibly appeared first on…
Hack On Oracle Suite Steals Data From Dozens Of Companies
Attack on Oracle E-Business Suite steals ‘mass amounts’ of customer data, more than 100 organisations likely affected, experts say This article has been indexed from Silicon UK Read the original article: Hack On Oracle Suite Steals Data From Dozens Of…
Gladinet CentreStack and Triofox 0-Day Flaw Under Active Attack
Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read sensitive files without logging in. Once they grab the machine key, they can trigger a…
ClayRat Android Malware Masquerades as WhatsApp & Google Photos
ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples and 50 distinct droppers. Primarily targeting Russian users, the malware masquerades as popular applications such…
RondoDox Botnet targets 56 flaws across 30+ device types worldwide
RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June. Trend Micro researchers reported that the RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs,…
Pro-Russia Hacktivists “Claim” Attack on Water Utility Honeypot
Forescout said that the TwoNet actor was lured into attacking a honeypot disguised as a water treatment utility, providing insights into the group’s tactics This article has been indexed from www.infosecurity-magazine.com Read the original article: Pro-Russia Hacktivists “Claim” Attack on…
IT Security News Hourly Summary 2025-10-10 09h : 7 posts
7 posts were published in the last hour 7:4 : Hackers Steal 70,000 Official ID Photos From Discord 7:4 : Hackers Exploit Microsoft Employee Accounts in Salary Theft Scheme 7:4 : Authorities Dismantle BreachForums’ Reemerged Clearnet Marketplace 7:4 : 7-Zip…