Posted: March 16, 2026

- Google’s Android 17 introduces new protections in Advanced Protection Mode that block non-accessibility apps from using the Accessibility API to prevent malware attacks.
- A critical SolarWinds Web Help Desk vulnerability (CVE-2025-26399) allows attackers to execute commands via deserialization flaws. CISA warns organizations to patch immediately.
- Silver Dragon, a threat group linked to APT41, is targeting government entities using Cobalt Strike, DLL sideloading, DNS tunneling, and Google Drive-based command-and-control techniques.
- Medusa and DragonForce use SimpleHelp flaws for attacks—learn about the tactics, impacts, and defenses against supply chain ransomware.
- Zoom vulnerabilities allow unauthorized access—learn about the CVEs, risks, and urgent update needs to secure your video calls.
- CISA warns of CVE-2025-54253 in Adobe Experience Manager, allowing unauthenticated code execution—fix now for versions up to 6.5.23.0. Also, active CVE-2016-7836 in SKYSEA; learn how to secure your systems from these critical vulnerabilities.
- "Trinity of Chaos" group (Muddled Libra, Bling Libra, LAPSUS$) steals 1B Salesforce records targeting retail/hospitality; launches DLS October 3, 2025, with FBI seizure October 9. EaaS model enables fraud—implement zero trust and ISAC intel to defend against data theft.
- High-severity CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite's Configurator allows unauthenticated HTTP attacks to access sensitive data (versions 12.2.3-12.2.14). Follows Cl0p-linked CVE-2025-61882 exploits—apply updates, segment networks, and scan for vulnerabilities now.
- DeepMind's CodeMender uses Gemini models to spot, patch, and rewrite vulnerable code, upstreaming 72 fixes to OSS projects. Google launches AI VRP for threat reports up to $30K and updates SAIF v2 to combat AI risks like prompt injections—empowering developers against cyber threats.
- CVE-2025-61984 exploits OpenSSH's ProxyCommand by injecting newlines in usernames for RCE, bypassing CVE-2023-51385; targets Bash-like shells in malicious Git submodules during recursive clones. Affects unquoted %r configs (e.g., from Teleport)—upgrade to OpenSSH 10.1, quote '%r', or restrict Git SSH to mitigate.