A critical GoAnywhere vulnerability is being exploited by the Medusa ransomware group, says Microsoft This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Campaign
Tag: EN
Chinese Firm Submerges Data Centre To Reduce Power
China’s Highlander set to deploy data centre off coast of Shanghai this month in effort to slash power required for cooling This article has been indexed from Silicon UK Read the original article: Chinese Firm Submerges Data Centre To Reduce…
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.…
CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks
CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025. The vulnerability affects the Microsoft Windows Common Log File System (CLFS) Driver and poses significant…
Credential stuffing: £2.31 million fine shows passwords are still the weakest link
How recycled passwords and poor security habits are fueling a cybercrime gold rush Partner Content If you’re still using “password123” for more than one account, there’s a good chance you’ve already exposed yourself to credential stuffing attacks — one of…
AI Takes Lion’s Share Of 2025 Venture Capital
This year is on track to be first in which more than half of all venture-capital deals go to AI firms, finds PitchBook This article has been indexed from Silicon UK Read the original article: AI Takes Lion’s Share Of…
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this flaw resides in the Common Log File System (CLFS) driver. Attackers who gain local access…
The Evolving Role of the CSO: From Technical Guardian to Business Strategist
Discover how today’s CSOs are transforming from technical guardians into strategic business leaders driving revenue, growth, and customer trust. The post The Evolving Role of the CSO: From Technical Guardian to Business Strategist appeared first on Security Boulevard. This article…
Survey Sees AI Becoming Top Cybersecurity Investment Priority
AI tops cybersecurity investments for 2025 as organizations leverage threat detection, AI agents, and behavioral analysis to close skills gaps and boost defense. The post Survey Sees AI Becoming Top Cybersecurity Investment Priority appeared first on Security Boulevard. This article…
Asahi Partially Restarts Breweries After Attack
Asahi partially resumes production of Super Dry beer, other drinks, food products to follow as company recovers from cyber-attack This article has been indexed from Silicon UK Read the original article: Asahi Partially Restarts Breweries After Attack
Government Issues New Order To Access Apple UK User Data
UK government issues new order to Apple to create backdoor allowing access to encrypted UK user data, after first effort raised US hackles This article has been indexed from Silicon UK Read the original article: Government Issues New Order To…
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and Microsoft IE flaws…
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day Vulnerability in the Wild
Oracle has issued an emergency security alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite after the notorious Cl0p ransomware group began extorting customers who failed to patch their systems. The vulnerability, carrying a maximum CVSS score of…
OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code – PoC Released
A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim’s machine. The vulnerability is a bypass of a previous fix for a similar issue…
Unity vulnerability, Oracle zero-day patched, Discord user info exposed
Unity vulnerability puts popular games at risk Oracle zero-day exploit patched Third-party breach claims Discord user info Huge thanks to our sponsor, ThreatLocker Cybercriminals don’t knock — they sneak in through the cracks other tools miss. That’s why organizations are…
Businesses fear AI is exposing them to more attacks
More than half of companies have already faced AI-powered phishing attacks, a new survey finds. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Businesses fear AI is exposing them to more attacks
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
A critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tracked…
Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances
The hacker collective styling itself “Scattered Lapsus$ Hunters”—an alliance echoing elements of ShinyHunters, Scattered Spider, and Lapsus$—has launched an extortionware portal to pressure victims into paying for delisting and purported deletion of stolen data. The group’s leverage centers on Salesforce…
Mustang Panda Adopts New DLL Side-Loading Method to Deploy Malware
The sophisticated China-linked threat actor Mustang Panda has refined its cyber espionage arsenal with an advanced DLL side-loading technique specifically targeting the Tibetan community, according to recent analysis of a campaign first identified by IBM’s X-Force in June 2025. This politically motivated…
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day
The notorious Cl0p ransomware group has been actively exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite (EBS), targeting enterprise customers through CVE-2025-61882. This sophisticated attack campaign has prompted Oracle to issue an emergency security advisory after reports surfaced that multiple organizations…