86Articles
7Categories
2025-10-07Date
🚨 CISA KEV 1[−]
7 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack v…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 17[−]
7 Oct13-Year-Old Redis RCE Flaw Lets Attackers Seize Complete Host ControlA remote code execution vulnerability discovered in Redis, the widely-used in-memory data structure store, has sent shockwaves through the cybersecurity community. The flaw, designated CVE-2025-49844 and dubbed “RediShell” by researchers, carries the maximum CVSS 3.1 …GBHACKERS.COM
7 OctNCSC Issues Alert on Active Exploitation of Oracle E-Business Suite 0-Day VulnerabilityThe UK National Cyber Security Centre (NCSC) has issued a security alert following confirmation of active exploitation of a critical 0-day vulnerability, tracked as CVE-2025-61882, in Oracle E-Business Suite (EBS). Oracle has released an urgent security update to address the issu…GBHACKERS.COM
7 OctOracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World AttacksCrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The …THEHACKERNEWS.COM
7 OctCl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-DayThe notorious Cl0p ransomware group has been actively exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite (EBS), targeting enterprise customers through CVE-2025-61882. This sophisticated attack campaign has prompted Oracle to issue an emergen…GBHACKERS.COM
7 Oct KEVGoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa RansomwareA critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tra…GBHACKERS.COM
7 OctCISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation FlawThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this flaw resides in the Common Log File System (CLFS) driver. Attackers who gain local a…GBHACKERS.COM
7 OctOpenSSH ProxyCommand Flaw Allows Remote Code Execution – PoC ReleasedSecurity researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution on client systems. Tracked as CVE-2025-61984, the vulnerability arises from inadequate filtering of control characters in usernames when ex…GBHACKERS.COM
7 OctThe CVE-2025-59489 vulnerability in Unity, and how to fix it in games | Kaspersky official blogExploring a dangerous vulnerability in the Unity game engine, and how to protect your devicesKASPERSKY.COM
7 Oct13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code RemotelyRedis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An aut…THEHACKERNEWS.COM
7 OctMicrosoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa RansomwareMicrosoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserializatio…THEHACKERNEWS.COM
7 Oct KEVCrowdStrike Alerts on Oracle E-Business Suite 0-Day Under Mass ExploitationA novel zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited in a large-scale data exfiltration campaign, with CrowdStrike Intelligence attributing primary involvement to the GRACEFUL SPIDER threat group and warning that public proof-of-c…GBHACKERS.COM
7 OctKibana CrowdStrike Connector Flaw Exposes Sensitive CredentialsA security issue in the Kibana CrowdStrike Connector allows attackers to access stored CrowdStrike credentials. The flaw affects multiple versions of Kibana and can expose credentials across spaces within the same deployment. Elastic has released updates to resolve this issue and…GBHACKERS.COM
7 Oct KEVCISA Alerts on Oracle E-Business Suite 0-Day Actively Exploited for Ransomware AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Oracle E-Business Suite that cybercriminals are actively exploiting to deploy ransomware attacks against organizations worldwide. The vulnerabilit…GBHACKERS.COM
7 OctGoogle DeepMind launches an AI agent to fix code vulnerabilities automaticallyGoogle DeepMind has introduced an AI agent that automatically found and fixed software vulnerabilities in open source projects, submitting 72 security patches over the past six months to codebases including some as large as 4.5 million lines of code. The tool, called CodeMender, …CSOONLINE.COM
7 OctExploit Against FreePBX (CVE-2025-57819) with code execution., (Tue, Oct 7th)FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of vulnerabilities in the past. Most recently, a SQL inje…ISC.SANS.EDU
7 Oct10.0-severity RCE flaw puts 60,000 Redis instances at riskThe popular Redis in-memory data store received a patch for a critical vulnerability that leads to remote code execution on the server hosting the database. While the flaw requires authentication to exploit, many Redis instances don’t have authentication configured and around 60,…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 21[−]
7 OctMustang Panda Adopts New DLL Side-Loading Method to Deploy MalwareThe sophisticated China-linked threat actor Mustang Panda has refined its cyber espionage arsenal with an advanced DLL side-loading technique specifically targeting the Tibetan community, according to recent analysis of a campaign first identified by IBM’s X-Force in June 2…GBHACKERS.COM
7 OctHackers Launch Leak Portal to Publish Data Stolen from Salesforce InstancesThe hacker collective styling itself “Scattered Lapsus$ Hunters”—an alliance echoing elements of ShinyHunters, Scattered Spider, and Lapsus$—has launched an extortionware portal to pressure victims into paying for delisting and purported deletion of stolen data. The group’s lever…GBHACKERS.COM
7 Oct164: Oak Cliff SwipersHe started small, swiping cards, buying gift cards, and cashing out. It spiraled into a full‑blown criminal enterprise. Dozens of co‑conspirators, stacks of stolen plastic, and a lifestyle built on chaos. Meet Nathan Michael, leader of Oak Cliff Swipers. Sponsors Support for this…DARKNETDIARIES.COM
7 OctIs the CISO chair becoming a revolving door?CISO tenures average just 18 to 26 months, compared with nearly five years for the broader C-suite, according to CISO Workforce and Headcount 2023 Report from Cybersecurity Ventures. In a profession where the stakes are sky-high and the fallout from a single mistake can be career…CSOONLINE.COM
7 OctThe Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers WarnThe Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices. The post The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn appeared first on SecurityWeek .SECURITYWEEK.COM
7 OctCritical Vulnerability Puts 60,000 Redis Servers at Risk of ExploitationAuthenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek .SECURITYWEEK.COM
7 OctFinding Large Bounties with Large Language Models - Nico Waisman - ASW #351Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed a bug bounty leaderboard, ho…YOUTUBE.COM
7 OctFortra GoAnywhere MFT Zero-Day Exploited in Ransomware AttacksThe Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
7 OctHackers Exploit Legitimate Commands to Breach DatabasesIn recent years, adversaries have abandoned traditional malware in favor of “living-off-the-land” operations against cloud and SaaS environments. Rather than deploying custom ransomware binaries, many threat actors now exploit misconfigured database services—leveraging only built…GBHACKERS.COM
7 OctAI-Enabled Influence Operation Against IranCitizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel. Key Findings A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we re…SCHNEIER.COM
7 OctHackers exploiting critical Oracle EBS flaw | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/hackers-exploiting-critical-oracle-ebs-flaw-authorities-warn/SH.ITJUST.WORKS
7 OctCritical 9.9 Redis vulnerability enables remote code execution | SC Mediasubmitted by kid to cybersecurity 2 points | 0 comments https://www.scworld.com/news/critical-9-9-redis-vulnerability-enables-remote-code-executionSH.ITJUST.WORKS
7 OctMedusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/medusa-ransomware-exploited-file-transferSH.ITJUST.WORKS
7 OctGoogle's new AI bug bounty program pays up to $30,000 for flawsThis week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems. [...]BLEEPINGCOMPUTER.COM
7 OctGoogle's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch ThemGoogle's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company's ongoing efforts to improve AI-powered vuln…THEHACKERNEWS.COM
7 OctCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS) advisories on October 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-280-01 Delta Electronics DIAScreen ICSA-25-226-31 Rockwell Automatio…CISA.GOV
7 OctClop exploited Oracle zero-day for data theft since early AugustThe Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August, according to cybersecurity company CrowdStrike. [...]BLEEPINGCOMPUTER.COM
7 OctDraftKings warns of account breaches in credential stuffing attacksSports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks. [...]BLEEPINGCOMPUTER.COM
7 OctNews alert: INE Security report finds cyber-IT silos leave teams exposed — cross-training urgedRALEIGH, N.C., Oct. 7, 2025, CyberNewswire – INE Security , a leading provider of cybersecurity training and certifications, today announced the results of a global study examining the convergence of networking and cybersecurity disciplines. “ Wired Together: The Case for &…LASTWATCHDOG.COM
7 OctShinyHunters Wage Broad Corporate Extortion SpreeA cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also cl…KREBSONSECURITY.COM
7 OctSalesforce refuses to pay ransom over widespread data theft attacksSalesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company's customers this year. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 4[−]
7 OctSuspected Chinese cyber spies targeted Serbian aviation agencysubmitted by randomname to cybersecurity 1 points | 0 comments https://therecord.media/suspected-chinese-spies-serbia cross-posted from: scribe.disroot.org/post/4943635 Archived version Here is the technical report: CN APT targets Serbian Government A suspected China-linked cyber…INFOSEC.PUB
7 OctSuspected Chinese cyber spies targeted Serbian aviation agencysubmitted by randomname to cybersecurity 2 points | 0 comments https://therecord.media/suspected-chinese-spies-serbia cross-posted from: scribe.disroot.org/post/4943635 Archived version Here is the technical report: CN APT targets Serbian Government A suspected China-linked cyber…SH.ITJUST.WORKS
🔥 INCIDENT REPORTING 15[−]
7 OctAdpost - 3,339,512 breached accountsIn February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.HAVEIBEENPWNED.COM
7 OctRed Hat Breach Impacts 5,000+ High-Value Enterprise Customers, Data at RiskAn extortion group calling itself Crimson Collective claimed responsibility for a major breach at Red Hat Consulting. With only 22 followers on Telegram at the time, the group’s rapid rise to notoriety has stunned security experts. By the end of that day, Red Hat confirmed the br…GBHACKERS.COM
7 OctAbracadabra.money hacked again​ | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/crypto/defi-platform-abracadabra-money-hackers-lost-20m/SH.ITJUST.WORKS
7 OctNew Research: AI Is Already the #1 Data Exfiltration Channel in the EnterpriseFor years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mind…THEHACKERNEWS.COM
7 OctXWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft CapabilitiesCybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plu…THEHACKERNEWS.COM
7 OctPhishers turn 1Password’s Watchtower into a blind spotMalwarebytes has flagged a new phishing campaign that weaponized user trust in 1Password’s breach notification system, adding that an employee nearly handed over their vault credentials to scammers. The lure was an email notifying recipients that their master password had been fo…CSOONLINE.COM
7 OctFrom Ransom to Revenue LossDiscover how ransomware attacks go beyond ransom payments, impacting your company's bottom line through recovery costs, lost revenue and damaged trust. The post From Ransom to Revenue Loss appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
7 OctThe AI Fix #71: Hacked robots and power-hungry AIIn episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the ICPC World Finals, Claude…GRAHAMCLULEY.COM
7 OctRedefining Security Validation with AI-Powered Breach and Attack SimulationSecurity teams are drowning in threat intel — but AI is changing that. AI-powered Breach and Attack Simulation turns new threats into real, testable scenarios in minutes — delivering proof that your defenses work, not just assumptions. Join the BAS Summit 2025 to see how AI redef…BLEEPINGCOMPUTER.COM
7 OctElectronics giant Avnet confirms breach, says stolen data unreadableElectronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. [...]BLEEPINGCOMPUTER.COM
7 OctTop 10 Best Cyber Threat Intelligence Companies in 2025In 2025, cyber threat intelligence companies are more crucial than ever as organizations face increasingly sophisticated attacks from advanced persistent threats, ransomware gangs, and state-sponsored actors. Choosing the best CTI (Cyber Threat Intelligence) provider can mean the…GBHACKERS.COM
7 OctTop 10 Best Digital Risk Protection (DRP) Platforms in 2025In today’s digital-first economy, the cyber risk landscape is evolving faster than ever before. Enterprises face threats ranging from phishing campaigns and social engineering to data breaches and brand impersonation. Digital Risk Protection (DRP) platforms are becoming indispens…GBHACKERS.COM
7 OctElectronics giant Avnet confirms breach, says stolen data unreadablesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/electronics-giant-avnet-confirms-breach-says-stolen-data-unreadable/SH.ITJUST.WORKS
7 OctRed Hat data breach escalates as ShinyHunters joins extortionsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/red-hat-data-breach-escalates-as-shinyhunters-joins-extortion/SH.ITJUST.WORKS
7 OctQilin Claims Ransomware Attack on Mecklenburg Schools - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/qilin-ransomware-mecklenburg/SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 20[−]
7 OctISC Stormcast For Tuesday, October 7th, 2025 https://isc.sans.edu/podcastdetail/9644, (Tue, Oct 7th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
7 OctSecurity Firm Exposes Role of Beijing Research Institute in China’s Cyber OperationsBIETA and its subsidiary CIII research develop and sell technologies supporting China’s intelligence, counterintelligence, and military operations. The post Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations appeared first on SecurityWeek .SECURITYWEEK.COM
7 OctFiligran Raises $58 Million in Series C FundingThe company plans to expand to new markets, fuel the development of a new module for its platform, and accelerate AI integration. The post Filigran Raises $58 Million in Series C Funding appeared first on SecurityWeek .SECURITYWEEK.COM
7 OctCavalry Werewolf APT Targets Russian Organizations Using FoalShell and Telegram C2Cavalry Werewolf, a Russian-focused advanced persistent threat (APT) cluster, has intensified its offensive operations by experimenting with new malware variants and leveraging Telegram-based command-and-control (C2). Security teams must prioritize real-time visibility into the t…GBHACKERS.COM
7 OctRainwalk Pet Insurance Exposes 158 GB of US Customer and Pet Datasubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/rainwalk-pet-insurance-158-gb-customer-pet-data/SH.ITJUST.WORKS
7 OctCybersecurity M&A Roundup: 40 Deals Announced in September 2025Significant cybersecurity M&A deals announced by Check Point, CrowdStrike, F5, Mitsubishi Electric, and SentinelOne. The post Cybersecurity M&A Roundup: 40 Deals Announced in September 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
7 OctPatch Now: Dell UnityVSA Flaw Allows Command Execution Without Loginsubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/dell-unityvsa-flaw-command-execution-without-login/SH.ITJUST.WORKS
7 OctEOL Router Question/ OpenWRTsubmitted by sic_semper_tyrannis to cybersecurity 1 points | 0 comments Common security practices are to keep a router for as long as it’s receiving security patches. Once it’s EOL, then replace it. I have a Gl.iNet router using the latest firmware that just released recently. Ho…SH.ITJUST.WORKS
7 OctHackers Stole Data From Public Safety Comms Firm BK TechnologiesBK Technologies has informed the SEC that it discovered an IT intrusion on September 20. The post Hackers Stole Data From Public Safety Comms Firm BK Technologies appeared first on SecurityWeek .SECURITYWEEK.COM
7 Octit-sa 2025: Fast 1.000 Security-Anbieter am StartWeggefährten der it-sa auf der ersten Pressekonferenz (von links): Claudia Plattner, BSI-Präsidentin, Ralf Wintergerst, Präsident des Bitkom, Prof. Norbert Pohlmann, Vorsitzender des Bundesverbandes für IT-Sicherheit „TeleTrusT“ und Joanna Świątkowska von der European Cyber Secur…CSOONLINE.COM
7 OctINE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity”Raleigh, United States, October 7th, 2025, CyberNewsWire Report Shows Cross-Training as Strategic Solution to Operational Friction Between Networking and Cybersecurity Teams  INE Security, a leading provider of cybersecurity training and certifications, today announced the r…GBHACKERS.COM
7 OctNorth Korean hackers stole over $2 billion in crypto so far in 2025, researchers sayBlockchain monitoring firm Elliptic said this year’s total is already an all-time record for the North Korean regime.TECHCRUNCH.COM
7 OctNew Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen securityMicrosoft Secure Future Initiative (SFI) patterns and practices are practical, actionable, insights from practitioners for practitioners based on Microsoft’s implementation of Zero Trust through the Microsoft Secure Future Initiatives. By adopting these patterns, organizations ca…MICROSOFT.COM
7 OctNorth Korean hackers stole over $2 billion in crypto this yearNorth Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. [...]BLEEPINGCOMPUTER.COM
7 OctThreat Actors Behind WARMCOOKIE Malware Added New Features to It’s Arsenalsubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/threat-actors-behind-warmcookie-malware/SH.ITJUST.WORKS
7 OctBatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job SeekersA Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters,…THEHACKERNEWS.COM
7 OctDisrupting threats targeting Microsoft TeamsThreat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpo…MICROSOFT.COM
7 OctNew Phishing Campaign Uses AI Tools to Evade DetectionMicrosoft warns that a recent phishing campaign used AI technology to obfuscate its payload and evade security filters.KNOWBE4.COM
7 OctBad Crypto, Zombie CPUs, Y2K38,Park Mobile, Redis, Red Hat, Deloitte, Aaran Leyland.. - SWN #518Bad Crypto, Blood Thirsty Zombie CPUs, Y2K38, Park Mobile, Palo Alto, Redis, Red Hat, Deloitte, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-518YOUTUBE.COM
📡 INFOSEC NEWS 8[−]
7 OctTriple Threat: Signal's Ratchet Goes Post-QuantumSignal recently announced the introduction of another layer of post-quantum cryptography to their protocol, this time in their ratcheting mechanism. Let's take a look!QUARKSLAB.COM
7 OctSecurity bug in India’s income tax portal exposed taxpayers’ sensitive dataTechCrunch verified that the security bug in the Indian Income Tax Department's e-Filing portal exposed taxpayers' data to other users. The security researchers who found the flaw say the data leak is now fixed.TECHCRUNCH.COM
7 OctMicrosoft kills more Microsoft Account bypasses in Windows 11Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing Windows 11. [...]BLEEPINGCOMPUTER.COM
7 OctICE bought vehicles equipped with fake cell towers to spy on phonesThe federal contract shows ICE spent $825,000 on vans equipped with “cell-site simulators” which allow the real-world location tracking of nearby phones and their owners.TECHCRUNCH.COM
7 OctGoogle won’t fix ASCII smuggling attacks in GeminiGoogle's AI assistant Gemini is vulnerable to ASCII smuggling, a well-documented attack method that could trick it into providing users with fake information, alter the model's behavior, and silently poison its data. [...]BLEEPINGCOMPUTER.COM
7 OctGoogle won’t fix new ASCII smuggling attack in GeminiGoogle has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model's behavior, and silently poison its data. [...]BLEEPINGCOMPUTER.COM
7 OctDocker makes Hardened Images Catalog affordable for small businessesThe Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for all development teams at startups and SMBs. [...]BLEEPINGCOMPUTER.COM
7 OctThe case for cybersecurity: Why successful businesses are built on protectionCompany leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and centerWELIVESECURITY.COM