Blogs
-
Read moreHigh-severity CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite's Configurator allows unauthenticated HTTP attacks to access sensitive data (versions 12.2.3-12.2.14). Follows Cl0p-linked CVE-2025-61882 exploits—apply updates, segment networks, and scan for vulnerabilities now. -
Read moreNew SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense. -
Read moreFortiGuard Labs exposes Chaos ransomware's aggressive C++ upgrade—selective encryption, large file deletion, and Bitcoin wallet swapping via clipboard hijack. This RaaS threat from ex-BlackSuit actors targets big-game hunting; bolster backups and detection to counter faster, multifaceted attacks. -
Read moreSophisticated phishing uses legit-looking Zoom Docs invites from "HR" to lure job hunters into fake Gmail login pages, exfiltrating credentials in real-time via WebSocket on overflow.qyrix.com.de. Discovered by Himanshu Anand—verify emails directly and use password managers to avoid account takeovers. -
Read morePublic Wi-Fi exposes you to MitM attacks and data theft—learn to spot evil twin hotspots, use VPNs for encryption, enable 2FA, and stick to cellular for sensitive tasks to protect against rising breaches in cafes and airports. -
Posted: October 10, 2025Views: 184Read moreZimperium exposes ClayRat spyware infecting Russian Android users via phishing sites and Telegram lures mimicking WhatsApp/TikTok—exfiltrates SMS, calls, photos; auto-sends to contacts. 600 samples detected; related African phone study reveals pre-installed app risks—update and scan devices now. -
Read moreCritical command injection flaw in Figma's MCP server (CVSS 7.5) allows RCE via unsanitized inputs in curl fallback; patched in v0.6.3. Imperva warns of risks in AI dev tools like Cursor—avoid exec with untrusted data amid rising LLM threats like Gemini's ASCII smuggling. -
Read moreVampire Bot spyware targets job seekers via deceptive ZIP attachments in recruiter emails, stealing screenshots and data. Linked to BatShadow hackers, it evades detection—stay safe by verifying offers and using EDR tools to avoid digital traps. -
Read moreUnspecified flaw in Oracle E-Business Suite's BI Publisher Integration allows unauthenticated HTTP attacks to hijack Concurrent Processing, exploited in ransomware campaigns. Apply patches, follow BOD 22-01 guidance, or discontinue use to protect enterprise operations from data encryption and downtime. -
Read moreDeepMind's CodeMender uses Gemini models to spot, patch, and rewrite vulnerable code, upstreaming 72 fixes to OSS projects. Google launches AI VRP for threat reports up to $30K and updates SAIF v2 to combat AI risks like prompt injections—empowering developers against cyber threats. -
Read moreIn a FinOptiCorp scenario, attackers exploit LLM "FinBot" via prompt injection and OWASP flaws for data leaks, RCE, and model theft—Trend Micro's Vision One™ AI Security provides AI Scanner, Guard, and layered defenses to secure generative AI against backdoor risks. -
Read moreOpenAI's October 2025 report reveals bans on ChatGPT accounts linked to PRC-affiliated groups like UNKDROPPITCH, who leveraged AI to debug malware (GOVERSHELL, HealthKick), craft targeted phishing, and build surveillance tools—disrupting 40+ networks; models block direct threats but highlight efficiency risks in cyber ops. -
Read moreSucuri uncovers stealthy PHP code injections in WordPress theme files (functions.php) exploiting weak permissions and outdated plugins to fetch obfuscated JS from brazilc[.]com, enabling pop-ups, redirects, and Cloudflare-mimicking iframes—update themes, tighten permissions, and monitor scripts to secure sites. -
Read moreGreyNoise reports a 500% spike in attacks on Palo Alto GlobalProtect portals, with 2,200 unique IPs probing SSL VPNs via automated brute-force from US-heavy clusters. Dataset of credentials released; links to Cisco ASA scans suggest broader remote access threats—block IPs and monitor logs now. -
Posted: October 08, 2025Views: 116Read moreMicrosoft alerts on cybercriminals and state actors abusing Teams' messaging, calls, and sharing for full attack lifecycle—from reconnaissance with TeamsEnum to exfiltration via GraphRunner and extortion by Octo Tempest. Harden identities, monitor anomalies, and train users to mitigate. -
Posted: October 08, 2025Views: 73Read moreGujarat reports over 38 lakh malware incidents via malicious apps, phishing, and unpatched software, targeting outdated devices for data theft and ransomware. Safeguard with prompt updates, trusted antivirus, 2FA, official app stores, and offline backups to stay protected. -
Posted: October 07, 2025Views: 92Read moreJammu Cyber Police cracks ₹4.44 crore online fraud, nabbing three Surat suspects for "digital arrest" scam that coerced a businessman via fake law enforcement threats using Aadhaar/SIM data. FIR under IT Act & BNS filed; report scams to 1930 helpline to stay safe. -
Read moreCVE-2025-61984 exploits OpenSSH's ProxyCommand by injecting newlines in usernames for RCE, bypassing CVE-2023-51385; targets Bash-like shells in malicious Git submodules during recursive clones. Affects unquoted %r configs (e.g., from Teleport)—upgrade to OpenSSH 10.1, quote '%r', or restrict Git SSH to mitigate. -
Read moreCISA flags CVE-2021-43226 in Windows CLFS Driver for active exploitation, enabling local attackers to gain SYSTEM privileges via buffer overflows. Impacts Win10/11 & Servers 2016-2022; federal deadline Oct 27—apply updates, monitor Event IDs 4656/4658, and scan for vulnerabilities now. -
Read moreNew Android RAT on GitHub ("Huckel789/Android-RAT") promises permanent stealth, web-based control from any device, and features like SMS theft, 2FA hijacking, live cams, ransomware—no PC needed. Experts warn of lowered cybercrime barriers; analyze in isolation for defenses.
Recent Posts
