Blogs

Unspecified flaw in Oracle E-Business Suite's BI Publisher Integration allows unauthenticated HTTP attacks to hijack Concurrent Processing, exploited in ransomware campaigns. Apply patches, follow BOD 22-01 guidance, or discontinue use to protect enterprise operations from data encryption and downtime.

DeepMind's CodeMender uses Gemini models to spot, patch, and rewrite vulnerable code, upstreaming 72 fixes to OSS projects. Google launches AI VRP for threat reports up to $30K and updates SAIF v2 to combat AI risks like prompt injections—empowering developers against cyber threats.

In a FinOptiCorp scenario, attackers exploit LLM "FinBot" via prompt injection and OWASP flaws for data leaks, RCE, and model theft—Trend Micro's Vision One™ AI Security provides AI Scanner, Guard, and layered defenses to secure generative AI against backdoor risks.

OpenAI's October 2025 report reveals bans on ChatGPT accounts linked to PRC-affiliated groups like UNKDROPPITCH, who leveraged AI to debug malware (GOVERSHELL, HealthKick), craft targeted phishing, and build surveillance tools—disrupting 40+ networks; models block direct threats but highlight efficiency risks in cyber ops.

Sucuri uncovers stealthy PHP code injections in WordPress theme files (functions.php) exploiting weak permissions and outdated plugins to fetch obfuscated JS from brazilc[.]com, enabling pop-ups, redirects, and Cloudflare-mimicking iframes—update themes, tighten permissions, and monitor scripts to secure sites.

GreyNoise reports a 500% spike in attacks on Palo Alto GlobalProtect portals, with 2,200 unique IPs probing SSL VPNs via automated brute-force from US-heavy clusters. Dataset of credentials released; links to Cisco ASA scans suggest broader remote access threats—block IPs and monitor logs now.

Microsoft alerts on cybercriminals and state actors abusing Teams' messaging, calls, and sharing for full attack lifecycle—from reconnaissance with TeamsEnum to exfiltration via GraphRunner and extortion by Octo Tempest. Harden identities, monitor anomalies, and train users to mitigate.

Gujarat reports over 38 lakh malware incidents via malicious apps, phishing, and unpatched software, targeting outdated devices for data theft and ransomware. Safeguard with prompt updates, trusted antivirus, 2FA, official app stores, and offline backups to stay protected.

Jammu Cyber Police cracks ₹4.44 crore online fraud, nabbing three Surat suspects for "digital arrest" scam that coerced a businessman via fake law enforcement threats using Aadhaar/SIM data. FIR under IT Act & BNS filed; report scams to 1930 helpline to stay safe.

CVE-2025-61984 exploits OpenSSH's ProxyCommand by injecting newlines in usernames for RCE, bypassing CVE-2023-51385; targets Bash-like shells in malicious Git submodules during recursive clones. Affects unquoted %r configs (e.g., from Teleport)—upgrade to OpenSSH 10.1, quote '%r', or restrict Git SSH to mitigate.

CISA flags CVE-2021-43226 in Windows CLFS Driver for active exploitation, enabling local attackers to gain SYSTEM privileges via buffer overflows. Impacts Win10/11 & Servers 2016-2022; federal deadline Oct 27—apply updates, monitor Event IDs 4656/4658, and scan for vulnerabilities now.

New Android RAT on GitHub ("Huckel789/Android-RAT") promises permanent stealth, web-based control from any device, and features like SMS theft, 2FA hijacking, live cams, ransomware—no PC needed. Experts warn of lowered cybercrime barriers; analyze in isolation for defenses.

A hacker alleges stealing Huawei's source code, dev tools, scripts, and manuals in a major breach, offering them on dark web forums—echoing past espionage fears from U.S. warnings, Vodafone backdoors, and NSA hacks. Investigation ongoing amid global security risks.

LayerX uncovers CometJacking, exploiting Perplexity’s AI browser via malicious URLs to steal Gmail/Calendar data—tricks AI into Base64-encoded exfiltration, bypassing safeguards. Urgent call for AI security-by-design amid rising agentic threats.

CVE-2025-43400 enables out-of-bounds writes via malicious fonts, risking app crashes and memory corruption on macOS, iOS, and more—no active exploits yet, but RCE potential. Update to Sequoia 15.7.1 immediately for protection against untrusted files.

Trend Micro uncovers SORVEPOTEL, a worm-like malware exploiting WhatsApp for fast propagation on Windows systems in Brazil—phishing ZIPs lead to account bans and enterprise hits in government, tech sectors. Detect and block early to avoid spam floods.

A breach at Discord's third-party support vendor leaked personal info like names, emails, IP addresses, limited billing details, and scanned photo IDs for some users—no passwords or full cards affected. Discord is investigating and notifying victims; stay alert for phishing.

CVE-2025-56383 exposes Notepad++ v8.8.3 and earlier to DLL hijacking attacks, allowing local code execution via malicious plugins like NppExport.dll. PoC shows persistence risks—update now and monitor for infections until patched.

The 2026 FIFA World Cup's 48 teams, 104 matches across Canada, Mexico, and USA heighten cyber risks from ransomware and hacktivists, targeting tech-reliant infrastructure. Experts urge collaboration, stable CISA funding, and daily best practices to secure the event.

Check Point uncovers Iranian-aligned Nimbus Manticore's (UNC1549) spear-phishing campaign hitting defense, telecom, and aviation in Denmark, Sweden, Portugal. Fake job portals deliver MiniJunk backdoor and MiniBrowse stealer via advanced DLL side-loading—boost phishing defenses now.