Newscast
Get the latest cybersecurity regulations and analysis in audio format. Perfect for listening during your commute, workout, or while multitasking.
Available Audio Episodes
Hackers Exploit LastPass's Post-Death Account Access Feature
Threat | Published: Oct 25, 2025
Cybercriminals are leveraging LastPass's after-death account handover procedures to trick users into revealing their login credentials. The campaign, linked to the CryptoChameleon group, involves sending fake emails about legacy access requests that redirect victims to phishing sites.
Massive Data Breach at Dublin and Cork Airports Exposes Millions of Passengers
Breach | Published: Oct 25, 2025
A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.
Beware of Fake Voicemail Notifications: A New Phishing Scam
Threat | Published: Oct 25, 2025
Scammers are now using fake voicemail notifications to trick users into revealing their credentials. These phishing emails often appear legitimate, leading victims to fake login pages or triggering malware downloads.
Storm-2657 Targets Universities with Payroll Phishing Scams
Threat | Published: Oct 25, 2025
A new hacking group, Storm-2657, is targeting U.S. universities with sophisticated phishing attacks aimed at hijacking payroll payments. These 'pirate payroll' attacks exploit social engineering tactics to manipulate staff into providing sensitive login information.
Microsoft Fixes Critical WSUS RCE Flaw CVE-2025-59287 Under Active Attack
Vulnerability | Published: Oct 25, 2025
Microsoft has released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is currently under active exploitation. The flaw allows unauthorized attackers to execute code over a network, necessitating immediate patching for affected Windows Server versions.
AI-Powered Ransomware: The Emerging Threat to Organizations
Threat | Published: Oct 25, 2025
The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.
New Text Message Based Phishing Attack from China Targeting Users Worldwide
Threat | Published: Oct 25, 2025
A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.
ChatGPT Atlas Faces Clipboard Injection Vulnerability
Vulnerability | Published: Oct 24, 2025
OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.
Critical Vulnerability Found in Motex Lanscope Endpoint Manager
Vulnerability | Published: Oct 24, 2025
CISA has issued an urgent alert regarding a critical flaw in Motex Lanscope Endpoint Manager, tracked as CVE-2025-61932. This vulnerability, rated 9.8 on the CVSS scale, allows attackers to bypass authentication mechanisms, leading to potential unauthorized access and data compromise.
Microsoft Issues Emergency Patch for Critical WSUS Vulnerability
Vulnerability | Published: Oct 24, 2025
Microsoft has released an emergency security patch for a critical vulnerability in Windows Server Update Services (WSUS) that is being actively exploited. The vulnerability, tracked as CVE-2025-59287, allows remote code execution and carries a severity score of 9.8 out of 10.
Critical Vulnerability CVE-2025-59287 in Windows Server Update Services
Vulnerability | Published: Oct 24, 2025
Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.
OYO Las Vegas Hotel & Casino Hit by Ransomware Attack Exposing Guest Data
Breach | Published: Oct 24, 2025
The OYO Las Vegas Hotel & Casino experienced a ransomware attack in January, exposing personal and financial information of approximately 4,700 individuals. The incident is now central to a legal dispute between OYO and its former management company, Highgate Hotels.
SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware
Threat | Published: Oct 24, 2025
The SideWinder advanced persistent threat group has developed a sophisticated attack methodology utilizing ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets in South Asia. This campaign marks a significant evolution in their tactics, employing spear-phishing emails and advanced evasion techniques.
Everest Ransomware Claims AT&T Careers Breach with 576K Records
Breach | Published: Oct 24, 2025
Everest Ransomware has reportedly breached AT&T Careers, compromising 576,000 records. This incident highlights the ongoing threat of ransomware attacks targeting large organizations.
UK Government Releases New Anti-Ransomware Guidance to Strengthen Supply Chain Security
Vulnerability | Published: Oct 24, 2025
The UK government has introduced new anti-ransomware guidance aimed at addressing supply chain vulnerabilities that have led to significant cyber incidents. Developed in collaboration with Singapore, the guidance outlines practical steps for organizations to enhance their supply chain security and prevent exploitation by cyber criminals.
North Korean Threat Actors Target European Drone Makers
Threat | Published: Oct 24, 2025
Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.
Hackers Exploit Fake Job Listings in Credential Theft Scheme, Google Reports
Threat | Published: Oct 24, 2025
Google's Threat Intelligence Group has uncovered a Vietnamese cybercriminal campaign that uses fake job postings to compromise digital marketing professionals. The campaign, tracked as UNC6229, employs social engineering and malware tactics to hijack corporate advertising accounts.
Wagner Group's Use of Malian Military Equipment Raises Concerns Over Arms Trade Treaty Violations
AI Risk | Published: Oct 24, 2025
A recent analysis reveals that the Wagner Group has been utilizing military equipment from the Malian army, potentially violating the Arms Trade Treaty. This situation raises significant diplomatic concerns for Mali as it may face sanctions for diverting arms to unauthorized users.
Comcast Data Exposed by Medusa Ransomware Gang After Ransom Refusal
Breach | Published: Oct 24, 2025
Comcast Corporation has had 186.36 GB of compressed data, totaling 834 GB of stolen information, exposed by the Medusa ransomware gang after refusing to pay a $1.2 million ransom. The data includes sensitive Excel files and scripts related to auto premium analysis.
Teenagers Charged in TfL Cyber Attack Case
Breach | Published: Oct 24, 2025
Two teenagers have been charged with computer hacking offenses related to a cyber attack on Transport for London (TfL) that caused significant disruption last year. The attack, attributed to the cyber-criminal group Scattered Spider, resulted in £39 million in damages.
Toys “R” Us Canada Warns Customers of Data Breach
Breach | Published: Oct 24, 2025
Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.
Salt Typhoon Exploits Zero-Day Vulnerabilities and DLL Sideloading Techniques
Threat | Published: Oct 24, 2025
Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.
Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand
Breach | Published: Oct 24, 2025
Medusa Ransomware has leaked a significant amount of data from Comcast, totaling 834 GB, after the company failed to meet a $1.2 million ransom demand. This incident highlights the ongoing threat posed by ransomware groups.
Surge in Clickfix Attacks and AI-Powered BEC Scams Highlight New Cyber Threats
Threat | Published: Oct 24, 2025
Cybercriminals are increasingly leveraging Clickfix social engineering tactics and AI in Business Email Compromise (BEC) scams, leading to a 500% surge in Clickfix attacks in early 2025. Mimecast's latest report reveals a shift in tactics that focus on the human element, making phishing and scams harder to detect.
Forescout Warns of Critical Vulnerabilities in TP-Link Routers
Vulnerability | Published: Oct 24, 2025
Forescout Technologies has identified two critical vulnerabilities in TP-Link Omada and Festa VPN routers that could expose industrial systems to significant risks. The vulnerabilities, CVE-2025-7850 and CVE-2025-7851, allow for OS command injection and unauthorized root access, respectively.
Google Takes Down 3,000 YouTube Videos Spreading Malware Disguised as Cracked Software
Breach | Published: Oct 23, 2025
Google has removed over 3,000 YouTube videos that were spreading password-stealing malware disguised as cracked software and game cheats. The operation, dubbed the 'YouTube Ghost Network,' exploited legitimate accounts to lure viewers into downloading infostealers.
Mimecast Report: AI Phishing and ClickFix Attacks Explode
Threat | Published: Oct 23, 2025
Mimecast's latest report reveals a staggering 500% increase in AI-driven phishing and ClickFix schemes as cybercriminals exploit trusted services to bypass email security. The report highlights that phishing now accounts for 77% of all attacks, marking a significant evolution in attacker behavior.
Caminho Malware Loader Conceals .NET Payloads inside Images via LSB Steganography
Threat | Published: Oct 23, 2025
Caminho, a Brazilian Loader-as-a-Service (LaaS), uses Least Significant Bit (LSB) steganography to hide .NET payloads in images, allowing malware to bypass defenses. This threat targets businesses across South America, Africa, and Eastern Europe, utilizing spear-phishing tactics to deliver its payloads.
FIA Security Breach Exposes Personal Data of Racing Drivers, Including Max Verstappen
Breach | Published: Oct 23, 2025
Hackers gained unauthorized access to the personal data of hundreds of racing drivers, including F1 champion Max Verstappen, due to a security flaw in the FIA's driver categorization portal. The FIA has since taken immediate steps to secure the data and reported the incident to data protection authorities.
High-Severity Path Traversal Vulnerability in Jira Software
Vulnerability | Published: Oct 23, 2025
Atlassian has disclosed a critical path traversal vulnerability in Jira Software Data Center and Server, allowing authenticated attackers to write files to any path accessible by the JVM. The flaw, tracked as CVE-2025-22167, affects versions from 9.12.0 through 11.0.1 and poses significant risks if unpatched.
Warlock Ransomware Actors Target SharePoint ToolShell Zero-Day in Latest Attack Campaign
Threat | Published: Oct 23, 2025
The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.
Azure Apps Vulnerability Allows Creation of Malicious Apps Mimicking Microsoft Teams
Vulnerability | Published: Oct 23, 2025
Security flaws in Microsoft's Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the Azure Portal. Varonis discovered that attackers can bypass safeguards using invisible Unicode characters, leading to potential phishing attacks.
Star Blizzard APT Adopts New Backdoor After LostKeys Malware Exposure
Threat | Published: Oct 23, 2025
The Russian state-sponsored APT known as Star Blizzard has transitioned to using a new backdoor, MaybeRobot, following the public disclosure of its LostKeys malware. This change comes as the group continues to employ sophisticated infection techniques to target civil society members in Russia.
Critical CVE-2025-54236 Flaw Exploited in Adobe Commerce and Magento
Vulnerability | Published: Oct 23, 2025
Over 250 attacks have been reported in just 24 hours targeting Adobe Commerce and Magento due to a critical flaw tracked as CVE-2025-54236. This vulnerability allows for customer account takeovers via the REST API, with only 38% of stores currently patched.
GlassWorm Malware Targets Developers Through OpenVSX Marketplace
Threat | Published: Oct 23, 2025
GlassWorm malware is exploiting the OpenVSX marketplace to target developers, highlighting the risks associated with third-party software repositories. Developers are urged to exercise caution when downloading extensions.
Cybersecurity Experts Warn of Vulnerabilities in OpenAI's ChatGPT Atlas
Vulnerability | Published: Oct 23, 2025
Cybersecurity experts have raised concerns about OpenAI's new browser, ChatGPT Atlas, which may be susceptible to attacks that could compromise user data. The browser's features, including 'browser memories' and 'agent mode,' could potentially be exploited through prompt injection attacks, leading to unauthorized access to sensitive information.
Smishing Triad: A Complex Phishing Campaign Targeting Sensitive Information
Threat | Published: Oct 23, 2025
Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.
IR Trends Q3 2025: ToolShell Attacks Highlight Criticality of Segmentation and Rapid Response
AI Risk | Published: Oct 23, 2025
In Q3 2025, Cisco Talos observed a significant rise in ToolShell attacks, primarily targeting public-facing applications, with a notable increase in post-exploitation phishing campaigns. The report emphasizes the importance of network segmentation and rapid patching to mitigate these threats.
Critical MCP Server Vulnerability Exposes 3,000+ Servers and Sensitive API Keys
Vulnerability | Published: Oct 23, 2025
A critical path traversal vulnerability in Smithery.ai has exposed over 3,000 hosted AI servers and compromised thousands of API keys. The flaw, stemming from a configuration bug, allows attackers to access sensitive files and execute arbitrary code on the servers.
Critical Vulnerability Found in Rust's TAR Library Could Lead to Remote Code Execution
Vulnerability | Published: Oct 23, 2025
A serious vulnerability, dubbed TARmageddon (CVE-2025-62518), has been discovered in the async-tar Rust library and its forks, including tokio-tar. This critical flaw could allow attackers to execute arbitrary code through file overwriting attacks, posing significant risks to Rust-based applications.
Attackers Abuse Grok to Spread Phishing Links
Threat | Published: Oct 23, 2025
Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.
Navigating the Future of AI Governance: Insights from California's SB 53
AI Risk | Published: Oct 23, 2025
As AI becomes integral to various sectors, the need for robust governance frameworks is critical. California's SB 53 is a pioneering step towards regulating AI, but organizations must proactively implement oversight and accountability measures to manage risks effectively.
Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks
Threat | Published: Oct 22, 2025
The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.
Pwn2Own Day 2: Hackers exploit 56 zero-days for $790,000
Breach | Published: Oct 22, 2025
During the second day of the Pwn2Own Ireland 2025 hacking competition, researchers exploited 56 unique zero-day vulnerabilities, earning $792,750 in cash. Notable exploits included a chain of five security flaws in the Samsung Galaxy S25 and multiple vulnerabilities in various NAS devices and printers.
Critical Vulnerability in Oat++ MCP Implementation Could Lead to Session Hijacking
Vulnerability | Published: Oct 22, 2025
A vulnerability tracked as CVE-2025-6515 in the Oat++ MCP implementation allows threat actors with HTTP server access to hijack AI agent sessions. This flaw can lead to accelerated session creation and destruction, enabling attackers to exploit session IDs for malicious purposes.
Phishing Campaign Impersonates Major Brands to Steal Facebook Credentials
Threat | Published: Oct 22, 2025
A phishing campaign is impersonating well-known brands like KFC, Red Bull, and Ferrari to compromise Facebook login details. Malicious emails lead targets to a fake job posting site where they are prompted to enter their credentials.
Critical Windows SMB Client Flaw Exposes Systems to Privilege Escalation Attacks
Vulnerability | Published: Oct 22, 2025
CISA has flagged a critical vulnerability in the Windows SMB client that is actively being exploited, allowing attackers to gain elevated privileges on affected systems. Organizations are urged to patch immediately to prevent potential compromises.
Jewett-Cameron Company Targeted in Cyberattack Resulting in Data Theft
Breach | Published: Oct 22, 2025
Jewett-Cameron Company, an Oregon-based provider of fencing and pet solutions, experienced a cyberattack that led to the theft of sensitive information and disruption of business operations. The company reported that hackers deployed encryption software and threatened to release stolen data unless a ransom is paid.
Vidar Stealer 2.0: Advanced Memory Injection Techniques for Credential Theft
Threat | Published: Oct 22, 2025
The latest version of Vidar Stealer, known as Vidar 2.0, employs advanced memory injection techniques to bypass browser encryption and steal login credentials. This update marks a significant evolution in its capabilities, allowing it to efficiently extract sensitive information from multiple browsers.
Russian State Hackers Develop New Malware Tools
Threat | Published: Oct 22, 2025
Russian state-backed hacking group Coldriver has introduced three new malware strains, NOROBOT, YESROBOT, and MAYBEROBOT, following the exposure of their previous tool, LostKeys. These new tools are designed to evade detection and target high-value data.
The Vulnerabilities of Connection: Analyzing the Impact of the AWS Outage on Automotive Manufacturing
Vulnerability | Published: Oct 22, 2025
Amazon's recent AWS outage has highlighted significant vulnerabilities in the automotive manufacturing sector's reliance on cloud infrastructure. The incident, which lasted 15 hours, raised urgent questions about digital resilience and the potential economic impact on production systems that depend heavily on cloud services.
Yahoo's Cookie Policy and User Data Management
News | Published: Oct 22, 2025
Yahoo outlines its use of cookies and personal data across its family of brands, including AOL and Engadget. Users are informed about their options for managing privacy settings and consent regarding data usage.
Rust-Engineered ChaosBot Leverages Discord for Covert Command & Control
Threat | Published: Oct 22, 2025
A new strain of Rust-based malware, dubbed ChaosBot, exploits the Discord platform for its Command and Control operations, embedding malicious activity behind legitimate traffic. Its advanced evasion capabilities pose significant challenges for defenders.
ASP.NET Machine Key Exploit Lets Hackers Compromise IIS, Load Malicious Modules
Threat | Published: Oct 22, 2025
A large-scale intrusion campaign, tracked as REF3927, is exploiting misconfigured Microsoft IIS servers that reuse publicly exposed ASP.NET machine keys. Attackers are deploying malicious modules and webshells to gain control over affected systems.
Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data
Threat | Published: Oct 22, 2025
Cybercriminals are exploiting Microsoft 365's Direct Send feature to bypass security filters and conduct phishing campaigns. This legitimate feature, designed for enterprise convenience, has become a vector for business email compromise attacks, prompting security researchers to raise alarms.
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
Threat | Published: Oct 22, 2025
Cybercriminals are evolving their email phishing tactics, utilizing legacy methods combined with advanced techniques to evade security measures. New strategies include the use of QR codes, password-protected attachments, and multi-stage verification chains to compromise victims.
Attackers Target Retailers’ Gift Card Systems Using Cloud-Only Techniques
Threat | Published: Oct 22, 2025
A newly uncovered attack campaign, dubbed Jingle Thief, is targeting global retailers' gift card systems using phishing and smishing techniques. The attackers, believed to be based in Morocco, operate entirely in cloud environments without deploying traditional malware.
GlassWorm: A New Cyber Threat Targeting Visual Studio Code Developers
Threat | Published: Oct 22, 2025
Researchers at Koi Security have identified a new cyber threat named GlassWorm that spreads through infected Visual Studio Code extensions. Utilizing invisible Unicode characters, this worm evades detection and employs the Solana blockchain for command-and-control operations.
Serious SSRF Vulnerability in Oracle E-Business Suite Added to CISA's List
Vulnerability | Published: Oct 22, 2025
CISA has identified a critical SSRF vulnerability in Oracle E-Business Suite, urging US government organizations to apply patches by November 10. Despite the urgency, Oracle has not confirmed active exploitation of the vulnerability, CVE-2025-61884.
Hackers Exploit Azure Apps to Create Malicious Apps Impersonating Microsoft
Threat | Published: Oct 22, 2025
A recent investigation revealed a critical loophole in Azure applications that allowed hackers to create malicious apps using reserved Microsoft names. This vulnerability enabled attackers to gain unauthorized access and escalate privileges within Microsoft 365 environments, posing significant risks to organizations.
Microsoft Digital Defense Report 2025: Ransomware and Extortion Dominate Cyberattacks
AI Risk | Published: Oct 22, 2025
The latest Microsoft Digital Defense Report reveals that over 52% of cyberattacks are motivated by extortion and ransomware, with a significant focus on data theft. The report emphasizes the need for proactive cybersecurity measures and modernization in defense strategies.
AI Governance Failures Expose Organizations to Professional Liability Risks
News | Published: Oct 22, 2025
Recent incidents in Australia highlight how poor oversight of AI tools can lead to costly errors and privacy violations. These failures in AI governance reveal significant risks for organizations, particularly in the tech and consultancy sectors.
Artificial Intelligence in the Workplace: Transforming Labor and HR
News | Published: Oct 22, 2025
AI technology is increasingly integrated into workplaces, shaping the labor market and HR practices. Employers and employees must adapt to effectively manage generative AI and other AI-powered systems.
SimonMed Imaging Data Breach Affects 1.2 Million Patients
Breach | Published: Oct 14, 2025
SimonMed Imaging has reported a data breach impacting over 1.2 million patients, with unauthorized access occurring between January 21 and February 5. The breach was linked to the Medusa ransomware group, which claimed to have stolen 212 GB of sensitive data.
Critical Axis Communications Vulnerability Leads to Azure Storage Credential Exposure
Vulnerability | Published: Oct 14, 2025
Trend Micro researchers have uncovered a serious vulnerability involving hardcoded Azure Storage Account credentials in an Axis Communications plugin for Autodesk Revit. This exposure could allow attackers to compromise storage content, raising significant supply chain risks.
Oracle Issues Security Alert for High-Severity Vulnerability in E-Business Suite
Vulnerability | Published: Oct 14, 2025
Oracle has announced a high-severity vulnerability in its E-Business Suite, tracked as CVE-2025-61884, which allows remote, unauthenticated access to sensitive resources. This flaw has not yet been exploited in the wild, but it poses significant risks to corporate users.
Astaroth Banking Malware Abuses GitHub for Resilient Configurations
Threat | Published: Oct 14, 2025
The Astaroth banking trojan has resurfaced, utilizing GitHub as a platform for malware configuration updates. This sophisticated malware employs targeted phishing tactics to steal banking and cryptocurrency credentials while evading detection through advanced techniques.
Oracle Releases Emergency Fix for High-Severity Vulnerability in E-Business Suite
Vulnerability | Published: Oct 14, 2025
Oracle has issued an emergency fix for a critical information disclosure vulnerability in its E-Business Suite, tracked as CVE-2025-61884. The flaw allows remote unauthenticated access to sensitive resources, raising concerns about potential exploitation by threat actors.
AI Transforms Cyberthreats: Insights from MIT Research
AI Risk | Published: Oct 14, 2025
A recent study by MIT reveals that 80% of ransomware attacks utilize artificial intelligence, highlighting the need for a multi-layered defense approach. The research outlines three essential pillars for effective AI defense in cybersecurity.
Qantas, Air India, Air France, and KLM Data Breach Exposes Millions of Customer Records
Breach | Published: Oct 13, 2025
Major airlines Qantas, Air India, Air France, and KLM have suffered significant data breaches, exposing millions of customer records. The breaches, linked to third-party service providers, have raised serious security concerns across the airline and hospitality sectors.
Clop Ransomware Group Claims Hack of Harvard University
Breach | Published: Oct 13, 2025
The Clop Ransomware group has announced a breach of Harvard University, adding it to their Tor data leak site. They claim to have stolen sensitive data and will leak it soon, raising concerns about the potential impact on the prestigious institution.
Threat Actors Exploit Discord Webhooks for C2 via npm, PyPI, and Ruby Packages
Threat | Published: Oct 13, 2025
Threat actors are increasingly using Discord webhooks as covert command-and-control channels within open-source packages, allowing for the stealthy exfiltration of sensitive data. This tactic leverages hard-coded webhook URLs to bypass security measures and exfiltrate secrets from developer environments.
Bank Deregulation Set to Unlock $2.6tn of Wall Street Lending Capacity
News | Published: Oct 13, 2025
Recent bank deregulation efforts are expected to significantly increase lending capacity on Wall Street, potentially unlocking $2.6 trillion. This move has sparked discussions about the implications for the financial sector and the economy at large.
Beamglea Campaign Targets Tech and Energy Firms with Malicious npm Packages
Threat | Published: Oct 12, 2025
The Beamglea campaign has exploited 175 malicious npm packages to conduct phishing attacks, primarily targeting tech and energy firms across Europe and APAC. Researchers discovered that these packages, which have over 26,000 downloads, redirect users to phishing sites designed to steal credentials.
Critical WordPress Flaw Allows Admin Control via Service Finder Plugin
Vulnerability | Published: Oct 12, 2025
A critical vulnerability (CVE-2025-5947) in the Service Finder Bookings plugin for WordPress enables unauthenticated attackers to gain administrative access to affected sites. This flaw underscores the urgent need for prompt patching and highlights ongoing risks associated with insecure plugin design.
Qantas Data Breach Exposes Millions of Customer Records
Breach | Published: Oct 12, 2025
Qantas Airways has confirmed a significant data breach affecting 5.7 million customer records, with information now posted online. While no sensitive financial details were compromised, the incident raises serious cybersecurity concerns for the aviation industry.
Attackers Exploit Gladinet CentreStack and Triofox Vulnerability (CVE-2025-11371)
Vulnerability | Published: Oct 12, 2025
A critical unauthenticated Local File Inclusion vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox is being actively exploited by attackers. Users are advised to implement a temporary mitigation by modifying their Web.config file until a patch is released.
China-based Threat Actors Abuse Velociraptor in Ransomware Operations
Threat | Published: Oct 12, 2025
China-based group Storm-2603 has exploited an outdated version of the Velociraptor tool to maintain persistence and deploy multiple ransomware strains including Warlock, LockBit, and Babuk. This incident highlights the evolving tactics of threat actors utilizing legitimate tools for malicious purposes.
Unpatched Zero-Day Vulnerability CVE-2025-11371 in Gladinet CentreStack and Triofox Under Active Exploitation
Vulnerability | Published: Oct 12, 2025
A zero-day vulnerability, tracked as CVE-2025-11371, is being actively exploited in Gladinet CentreStack and Triofox products, allowing local users to access system files without authentication. Experts warn that while mitigations exist, the flaw remains unpatched.
SonicWall Cloud Backup Service Incident Affects All Customers
Breach | Published: Oct 12, 2025
SonicWall has confirmed that a recent security incident involving its cloud backup service has affected all customers, contrary to earlier claims of limited impact. The stolen files contain encrypted credentials and configuration data, raising concerns about potential targeted attacks.
Asahi Breweries Hit by Cyber-Attack, Operations Disrupted
Breach | Published: Oct 12, 2025
Asahi, Japan's leading beer producer, has been forced to halt production at most of its factories due to a cyber-attack attributed to the ransomware group Qilin. The company is currently processing orders manually, leading to significant shortages of its products across the country.
Zero-day in Gladinet's File-Sharing Software Leads to Active Exploitation
Vulnerability | Published: Oct 12, 2025
Huntress warns users of Gladinet's CentreStack and Triofox file-sharing tools to apply an urgent mitigation for a zero-day vulnerability (CVE-2025-11371) that is actively being exploited. With no patch available, the vulnerability could allow attackers to execute remote code.
Audio Features
🎙️ Text-to-Speech
All articles automatically converted to high-quality audio using advanced TTS technology.
⏯️ Playback Controls
Full playback controls including play, pause, skip, and speed adjustment.
📱 Mobile Optimized
Optimized audio player for mobile devices with background playback support.
💾 Offline Support
Download episodes for offline listening during commutes or travel.
How It Works
- Automatic Generation: All published articles are automatically converted to audio
- High Quality: Professional-grade text-to-speech with natural voice synthesis
- Instant Access: Audio versions available immediately after publication
- Multiple Formats: Available in various audio formats for compatibility
Getting Started
Start Listening Today
Choose your preferred method to start listening to our cybersecurity content:
- Web Player: Visit any article page and click the audio player
- Mobile App: Download our app for the best mobile experience
- RSS Feed: Subscribe to our audio RSS feed in your podcast app