A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August. The post Organizations Warned of Exploited Adobe AEM Forms Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Exposing the Misconceptions That Keep Users Misusing VPNs
The idea of privacy has become both a luxury and a necessity in an increasingly interconnected world. As cyber surveillance continues to rise, data breaches continue to occur, and online tracking continues to rise, more and more Internet users…
LastPass Warns Customers It Has Not Been Hacked Amid Phishing Email Scam
LastPass warns customers it has not been breached, after phishing emails falsely claim a hack and urge users to update their desktop app This article has been indexed from www.infosecurity-magazine.com Read the original article: LastPass Warns Customers It Has Not…
Auction house Sotheby’s finds its data on the block after cyberattack
Alert says financial account information lifted from systems Auction house Sotheby’s says it was breached on July 24, and those behind the intrusion stole an unspecified amount of data, including Social Security numbers and financial account information.… This article has…
Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking
Fuji Electric has released patches and Japan’s JPCERT has informed organizations about the vulnerabilities. The post Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data
The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake ‘payment lures’ and urgent security alerts to trick victims into calling a fraudulent…
Qilin Ransomware Leverages Ghost Bulletproof Hosting for Global Attacks
Qilin ransomware–an increasingly prolific ransomware-as-a-service (RaaS) operation–has intensified its global extortion campaigns by exploiting a covert network of bulletproof hosting (BPH) providers. These rogue hosting services, often headquartered in secrecy-friendly jurisdictions and operated through labyrinthine shell-company structures, allow Qilin’s operators…
Cryptocurrency ATMs
CNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money. The fees are usurious, and they’re a common place for scammers to send victims to buy cryptocurrency for them. The companies behind…
Critical Apache ActiveMQ Vulnerability Let Attackers Execute Arbitrary Code
The Apache Software Foundation has disclosed a critical vulnerability in its ActiveMQ NMS AMQP Client that could allow attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2025-54539, this deserialization flaw poses a serious risk to applications relying on…
New nightMARE Python Library to Analyze Malware and Extract Intelligence Indicators
Since its public debut in October 2025, nightmare has quickly become a vital tool for malware analysts seeking to streamline static and dynamic analysis workflows. Developed by Elastic Security Labs, nightmare brings together mature open-source reverse engineering components under a…
Capita To pay £14 Million For Data Breach Exposes 6.6 Million Users Personal Data
The UK’s Information Commissioner’s Office (ICO) has imposed a £14 million fine on outsourcing giant Capita following a major cyber attack in 2023 that exposed the personal data of 6.6 million individuals. This penalty, split as £8 million to Capita…
Tech industry grad hiring crashes 46% as bots do junior work
GenAI meets Gen Z – only one gets the job ai-pocalypse The UK tech sector is cutting graduate jobs dramatically – down 46 percent in the past year, with another 53 percent drop projected, according to figures from the Institute…
Cisco Routers Hacked for Rootkit Deployment
Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices. The post Cisco Routers Hacked for Rootkit Deployment appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Beware the Hidden Costs of Pen Testing
Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results. The benefits of pen…
IT Security News Hourly Summary 2025-10-16 12h : 11 posts
11 posts were published in the last hour 10:3 : Inside Sekoia.io Hackathon 2025 – Innovating together for customer satisfaction 10:3 : Laura Faria: Empathy on the front lines 10:3 : BeaverTail and OtterCookie evolve with a new Javascript module…
Mysterious Elephant APT Breach: Hackers Infiltrate Organization to Steal Sensitive Data
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, active since early 2025, rely on custom-built…
Capita Fined £14 Million After Data Breach Exposes 6.6 Million Users
The UK’s Information Commissioner’s Office has imposed a £14 million penalty on Capita following a major cyber attack in March 2023 that exposed the personal information of 6.6 million people. The fine was split between Capita plc, which received £8…
Critical Samba Flaw Allows Remote Attackers to Execute Arbitrary Code
A newly disclosed vulnerability in Samba’s WINS server hook script enables unauthenticated attackers to run arbitrary commands on affected domain controllers. This critical flaw, tracked as CVE-2025-10230, carries a maximum CVSSv3.1 score of 10.0, reflecting its ease of exploitation and…
Roku accused of selling children’s data to advertisers and brokers
Florida claims Roku ignored clear signs its users were minors, collecting and selling viewing habits, voice recordings and precise locations. This article has been indexed from Malwarebytes Read the original article: Roku accused of selling children’s data to advertisers and…
Mango discloses data breach at third-party provider
The fashion retailer says a breach at a marketing partner exposed limited contact details—but no financial data or passwords. This article has been indexed from Malwarebytes Read the original article: Mango discloses data breach at third-party provider
US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin
The U.S. government has seized more than $14 billion in bitcoin and charged the founder of a Cambodian conglomerate in a massive cryptocurrency scam, accusing him and unnamed co-conspirators of exploiting forced labor to dupe would-be investors and using the…
Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client connects…
Inside Sekoia.io Hackathon 2025 – Innovating together for customer satisfaction
Last month, the Sekoia.io Tech & Product teams decamped in southern Brittany for our 2025 internal Hackathon. Over three intense days, seven self-organized squads took on one mission: deliver measurable, customer-centric enhancements to the AI-SOC platform. From faster page loads…
Laura Faria: Empathy on the front lines
Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments — including high-stakes situations impacting critical infrastructure. This article has been indexed from…