Data Breach

Indian scammers use WhatsApp fake ticket alerts to push RAT-infected mParivahan apps, stealing OTPs, spying via camera, and draining banks. Download from official stores, update OS, use antivirus—report to 1930 if hit to stay safe.

High-severity CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite's Configurator allows unauthenticated HTTP attacks to access sensitive data (versions 12.2.3-12.2.14). Follows Cl0p-linked CVE-2025-61882 exploits—apply updates, segment networks, and scan for vulnerabilities now.

New SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense.

Zimperium exposes ClayRat spyware infecting Russian Android users via phishing sites and Telegram lures mimicking WhatsApp/TikTok—exfiltrates SMS, calls, photos; auto-sends to contacts. 600 samples detected; related African phone study reveals pre-installed app risks—update and scan devices now.

In a FinOptiCorp scenario, attackers exploit LLM "FinBot" via prompt injection and OWASP flaws for data leaks, RCE, and model theft—Trend Micro's Vision One™ AI Security provides AI Scanner, Guard, and layered defenses to secure generative AI against backdoor risks.

Sucuri uncovers stealthy PHP code injections in WordPress theme files (functions.php) exploiting weak permissions and outdated plugins to fetch obfuscated JS from brazilc[.]com, enabling pop-ups, redirects, and Cloudflare-mimicking iframes—update themes, tighten permissions, and monitor scripts to secure sites.

CVE-2025-61984 exploits OpenSSH's ProxyCommand by injecting newlines in usernames for RCE, bypassing CVE-2023-51385; targets Bash-like shells in malicious Git submodules during recursive clones. Affects unquoted %r configs (e.g., from Teleport)—upgrade to OpenSSH 10.1, quote '%r', or restrict Git SSH to mitigate.

CISA flags CVE-2021-43226 in Windows CLFS Driver for active exploitation, enabling local attackers to gain SYSTEM privileges via buffer overflows. Impacts Win10/11 & Servers 2016-2022; federal deadline Oct 27—apply updates, monitor Event IDs 4656/4658, and scan for vulnerabilities now.

A hacker alleges stealing Huawei's source code, dev tools, scripts, and manuals in a major breach, offering them on dark web forums—echoing past espionage fears from U.S. warnings, Vodafone backdoors, and NSA hacks. Investigation ongoing amid global security risks.

LayerX uncovers CometJacking, exploiting Perplexity’s AI browser via malicious URLs to steal Gmail/Calendar data—tricks AI into Base64-encoded exfiltration, bypassing safeguards. Urgent call for AI security-by-design amid rising agentic threats.