88Articles
7Categories
2025-10-08Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
8 Oct KEVFreePBX SQL Injection Vulnerability Leads to Database TamperingA critical SQL injection vulnerability in FreePBX, designated as CVE-2025-57819, has been actively exploited by attackers to modify the database and achieve arbitrary code execution on vulnerable systems. The vulnerability affects the popular open-source PBX platform that provide…GBHACKERS.COM
8 OctAWS Client VPN for macOS Hit by Critical Privilege Escalation VulnerabilityAmazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation. CVE ID Affected…GBHACKERS.COM
8 OctSevere Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch NowCybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a comman…THEHACKERNEWS.COM
8 OctNagios Vulnerability Allows Users to Retrieve Cleartext Administrative API KeysSecurity researchers have identified two significant vulnerabilities in Nagios Log Server that expose critical system information and allow unauthorized service manipulation. The vulnerabilities, tracked as CVE-2025-44823 and CVE-2025-44824, affect versions prior to 2024R1.3.2 an…GBHACKERS.COM
8 OctUnplug Gemini from email and calendars, says cybersecurity firmCSOs should consider turning off Google Gemini access to employees’ Gmail and Google Calendars, because the chatbot is vulnerable to a form of prompt injection, says the head of a cybersecurity firm that discovered the vulnerability. ”If you’re worried about the risk, you might w…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
8 Oct“Mic-E-Mouse” Attack Lets Hackers Steal Sensitive Data via Mouse SensorsA groundbreaking cybersecurity vulnerability has been discovered that transforms everyday computer mice into sophisticated eavesdropping tools. Researchers have developed the “Mic-E-Mouse” attack, which exploits high-performance optical sensors in consumer mice to sec…GBHACKERS.COM
8 OctMicrosoft Alerts Users as Hackers Exploit Teams Features to Spread MalwareMicrosoft is urging organizations to harden Microsoft Teams as threat actors increasingly abuse its built-in collaboration features chat, meetings, voice/video, screen sharing, and app integrations to gain initial access, persist, move laterally, and exfiltrate data. While Micros…GBHACKERS.COM
8 OctBK Technologies Data Breach, IT Systems Compromised, Data StolenBK Technologies Corporation, a Florida-based communications equipment manufacturer, disclosed a significant cybersecurity incident that compromised its IT systems and potentially exposed employee data. The company filed an SEC Form 8-K on October 6, 2025, revealing that attackers…GBHACKERS.COM
8 OctCISA Alerts on Zimbra Collaboration Suite Zero-Day XSS Flaw Exploited in Ongoing AttacksCISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS). This vulnerability is already in use by attackers to hijack user sessions, steal data, and push malicious filters. Organizations running ZCS should move quickly…GBHACKERS.COM
8 OctCrimson Collective Exploits AWS Services to Steal Sensitive DataA newly identified threat group called Crimson Collective has emerged as a significant security concern for organizations using Amazon Web Services (AWS), employing sophisticated techniques to steal sensitive data and extort victims. The Crimson Collective demonstrates remarkable…GBHACKERS.COM
8 OctMultiple Google Chrome Flaws Allow Attackers to Execute Arbitrary CodeGoogle rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of the browser. Extern…GBHACKERS.COM
8 OctAutonomous AI hacking and the future of cybersecurityAI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Ove…CSOONLINE.COM
8 OctExploitation of Oracle EBS Zero-Day Started 2 Months Before PatchingHundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks. The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctTop 10 Best Account Takeover Protection Tools in 2025In 2025, account takeover (ATO) attacks remain one of the most critical cybersecurity risks facing businesses, especially in industries like e-commerce, banking, SaaS, and healthcare. Hackers continuously launch credential stuffing, phishing, and brute-force attacks, targeting us…GBHACKERS.COM
8 OctHackers Exploit CSS Properties to Conceal Malicious Code in Hidden Text Salting AttacksIn a sophisticated evolution of email-based attacks, adversaries have begun leveraging Cascading Style Sheets (CSS) to inject hidden “salt” — irrelevant content used to confuse detection systems — deep within HTML emails. Cisco Talos’s year-long monitoring (March 1, 2024 – July 3…GBHACKERS.COM
8 OctShuyal Stealer Malware Exploits 19 Browsers to Steal LoginsShuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it f…GBHACKERS.COM
8 OctPoC Exploit Released for Critical Vulnerabilities in Lua EngineA new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaws in the Lua parser, the unp…GBHACKERS.COM
8 OctSalesforce AI agents set to assist enterprises with security and complianceSalesforce has announced two new AI agents operating on its Agentforce platform: one agent that monitors activity, detects anomalies, and accelerates investigations and remediations in the Salesforce Security Center; and one that streamlines compliance tasks in the Privacy Center…CSOONLINE.COM
8 OctAI Chatbot Exploited as a Backdoor to Access Sensitive Data and InfrastructureThe rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are inc…GBHACKERS.COM
8 OctNew Phishing Kit Automates ClickFix Attacks to Evade Security DefensesCybercriminals are increasingly automating one of the most insidious social engineering exploits—forcing victims to manually execute malware under the guise of browser verification. The newly discovered IUAM ClickFix Generator commoditizes the ClickFix technique into an easy-to-u…GBHACKERS.COM
8 OctGoogle Unveils CodeMender – An AI Agent That Automatically Fixes Vulnerable CodeGoogle has introduced CodeMender, an AI-powered agent designed to automatically detect and patch security flaws in software. Announced on 6 October 2025 by Raluca Ada Popa and Four Flynn, CodeMender represents a major step toward leveraging artificial intelligence for proact…GBHACKERS.COM
8 OctOpen-source monitor turns into an off-the-shelf attack beaconChina-affiliated hackers have quietly turned a once-benign open-source network monitoring tool into a remote access beacon. According to new findings from cybersecurity firm Huntress, the attackers used log poisoning and a web shell to install Nezha, a legitimate remote monitorin…CSOONLINE.COM
8 OctShuyal Stealer Malware Exploits 19 Browsers to Steal Loginssubmitted by kid to cybersecurity 2 points | 1 comments https://gbhackers.com/shuyal-stealer-malware/SH.ITJUST.WORKS
8 OctLockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware EcosystemThree prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to co…THEHACKERNEWS.COM
8 OctSalesforce refuses to pay ransom over widespread data theft attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/salesforce-refuses-to-pay-ransom-over-widespread-data-theft-attacks/SH.ITJUST.WORKS
8 OctGoogle DeepMind’s New AI Agent Finds and Fixes VulnerabilitiesThe new product is called CodeMender and it can rewrite vulnerable code to prevent future exploits. The post Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctThe Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/the-y2k38-bug-is-a-vulnerability-not-just-a-date-problem-researchers-warn/SH.ITJUST.WORKS
8 OctVTEX data leak exposes data of 6M shoppers | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/vtex-ecommerce-data-leak/SH.ITJUST.WORKS
8 OctTop 10 Best Digital Footprint Monitoring Tools for Organizations in 2025In today’s hyperconnected business environment, organizations are under constant threat from cybercriminals who exploit digital footprints, shadow IT, cloud misconfigurations, and external exposures. Digital footprint monitoring has become one of the most critical aspects of a cy…GBHACKERS.COM
8 OctSalesforce data breach: what you need to knowThe Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. Read more in my article on the Fortra blog.FORTRA.COM
8 OctChinese Hackers Weaponize Open-Source Nezha Tool in New Attack WaveThreat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is charact…THEHACKERNEWS.COM
8 OctHackers exploit auth bypass in Service Finder WordPress themeThreat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. [...]BLEEPINGCOMPUTER.COM
8 OctComputer mice can eavesdrop on private conversations, researchers discoverHigh-end computer mice can be used to eavesdrop on the voice conversations of nearby PC users, researchers from the University of California, Irvine, have shown in a new proof-of-concept demonstration. Given the catchy name ‘Mic-E-Mouse’ (Microphone-Emulating Mouse), the ingeniou…CSOONLINE.COM
8 OctHackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing AttacksCybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verif…THEHACKERNEWS.COM
8 OctGitHub Copilot prompt injection flaw leaked sensitive data from private reposIn a new case that showcases how prompt injection can impact AI-assisted tools, researchers have found a way to trick the GitHub Copilot chatbot into leaking sensitive data, such as AWS keys, from private repositories. The vulnerability was exploitable through comments hidden in …CSOONLINE.COM
📢 SECURITY ADVISORIES 3[−]
8 OctStep Into the Password Graveyard… If You Dare (and Join the Live Session)Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about t…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 20[−]
8 OctAI Tools Lead Corporate DataNorth Korean Hackers Target Crypto Wealth, LinkedIn Fights Data Scraping, and AI Tools Leak Corporate Data In this episode of Cybersecurity Today, host Jim Love covers the latest cybersecurity headlines including North Korean hackers targeting wealthy crypto investors, LinkedIn s…CYBERSECURITYTODAY.LIBSYN.COM
8 OctOpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for CyberattacksOpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access…THEHACKERNEWS.COM
8 OctDraftKings Warns Users of Credential Stuffing AttacksHackers accessed user accounts and compromised names, addresses, phone numbers, email addresses, and other information. The post DraftKings Warns Users of Credential Stuffing Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctForrester's Global Cybersecurity Market Forecast Before AI Fully Kicks In - Merritt Maxim - BSW #416Global spending on cybersecurity products and services will see a strong 14.4% CAGR from 2024 through 2029 and will hit $302.5 billion in 2029, driven by continued concerns around cyberattacks across all verticals and geographies. But where is the spending occuring and how do you…YOUTUBE.COM
8 OctRansomware Group Claims Attack on Beer Giant AsahiThe hackers claim the theft of 27 gigabytes of data, including contracts, employee information, and financial documents. The post Ransomware Group Claims Attack on Beer Giant Asahi appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctRadiflow Unveils New OT Security PlatformRadiflow360 provides enhanced visibility, risk management, and incident response capabilities for mid-sized industrial enterprises. The post Radiflow Unveils New OT Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
8 Oct77% of Employees Share Company Secrets on ChatGPT Compromising Enterprise PoliciesIn an era where AI and SaaS applications underpin daily workflows, organizations face an unprecedented challenge: the invisible exfiltration of sensitive information. Traditional, file-based data loss prevention (DLP) measures were designed for attachments and downloads, but toda…GBHACKERS.COM
8 OctSHARED INTEL Q&A: Cyber insurance breaches expose resilience gap and need for orchestrationCybercriminals have a new target in their sights: the insurance industry. Related: Major breaches of insurance companies Groups like Scattered Spider are going after carriers directly, disrupting operations and exposing weak links in the very system meant to underwrite cyber R…LASTWATCHDOG.COM
8 OctTrinity of Chaos Leaks Data from 39 Companies — Google, Cisco Among TargetsA newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu. The alliance comprises threat…GBHACKERS.COM
8 OctCyber Risk Still #1: Why AI Is Raising the Stakes - and the OpportunitiesIf you’re wondering what keeps business leaders up at night, the latest Aon Global Risk Management Survey has a clear answer: cyber attacks and data breaches. Once again, they top the list as the #1 risk to organizations worldwide — and the problem isn’t getting any smaller. In f…KNOWBE4.COM
8 OctHow Your AI Chatbot Can Become a BackdoorIn this post of THE AI BREACH, learn how your Chatbot can become a backdoor.TRENDMICRO.COM
8 OctJournalists or Hacktivists? Proton Mail Reinstates Accounts After Pushbacksubmitted by 9limmer to cybersecurity 3 points | 0 comments https://www.pcmag.com/news/journalists-hacktivists-proton-mail-reinstates-suspended-accounts cross-posted from: lemmy.zip/post/50559039 Two Proton users were suspended after publishing an investigation into cybersecurity…SH.ITJUST.WORKS
8 OctLondon police arrests suspects linked to nursery breach, child doxingThe UK Metropolitan Police has arrested two suspects following an investigation into the doxing of children online after a ransomware attack on a chain of London-based nurseries. [...]BLEEPINGCOMPUTER.COM
8 OctDefend the Target, Not Just the Door: A Modern Plan for Google WorkspaceThe Salesloft Drift breach shows attackers don't need to "hack Google" — they just need to breach a trusted integration. Learn from Material Security how to secure OAuth, detect risky behavior, and protect data in Google Workspace. [...]BLEEPINGCOMPUTER.COM
8 OctThe State of Ransomware in Healthcare 2025292 IT and cybersecurity leaders reveal the ransomware realities for healthcare establishments today.SOPHOS.COM
8 OctQilin ransomware claims Asahi brewery attack, leaks dataThe Qilin ransomware group has claimed responsibility for the attack at Japanese beer maker Asahi, adding the company to its extortion page on the dark web yesterday. [...]BLEEPINGCOMPUTER.COM
8 OctDraftKings warns of account breaches in credential stuffing attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/draftkings-warns-of-account-breaches-in-credential-stuffing-attacks/SH.ITJUST.WORKS
8 OctMilitary radio maker BK Technologies cops to cyber break-in • The Registersubmitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/10/07/police_and_military_radio_maker_bk_admits_breach/SH.ITJUST.WORKS
8 OctSmashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscienceYour computer's mouse might not be as innocent as it looks - and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need t…GRAHAMCLULEY.COM
8 OctHackers claim Discord breach exposed data of 5.5 million usersDiscord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 22[−]
8 OctISC Stormcast For Wednesday, October 8th, 2025 https://isc.sans.edu/podcastdetail/9646, (Wed, Oct 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 OctTop 10 Best Brand Protection Solutions for Enterprises in 2025Brand protection has become a necessity for enterprises in 2025, with increasing risks of counterfeiting, phishing, domain abuse, fake social media accounts, and digital piracy. Businesses today must not only defend their intellectual property but also safeguard their digital pre…GBHACKERS.COM
8 OctMassive Attacks Targeting Palo Alto PAN-OS GlobalProtect Portals from 2,200 IPsCybersecurity researchers at GreyNoise have identified a dramatic escalation in malicious scanning activities targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with attacks originating from over 2,200 unique IP addresses as of October 7, 2025. This represents a sig…GBHACKERS.COM
8 OctAPT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked GroupIn a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The leak comprises over 100 Persian…GBHACKERS.COM
8 OctASCII Smuggling Attack in Gemini Tricks AI Agents into Revealing Smuggled DataEnterprise AI assistants face a hidden menace when invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susceptibility to the long-stand…GBHACKERS.COM
8 OctNorth Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025The hackers are believed to have stolen over $6 billion for the Pyongyang regime, financing its military programs. The post North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctGoogle Offers Up to $20,000 in New AI Bug Bounty ProgramThe company has updated the program’s scope and has combined the rewards for abuse and security issues into a single table. The post Google Offers Up to $20,000 in New AI Bug Bounty Program appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctOpenAI Blocks ChatGPT Accounts Linked to Chinese Hackers Developing MalwareOpenAI has taken decisive action to stop misuse of its ChatGPT models by banning accounts tied to a group of Chinese hackers. This move reflects OpenAI’s core aim to ensuring artificial general intelligence benefits everyone. By setting clear rules and acting swiftly on policy vi…GBHACKERS.COM
8 OctClamAV 1.5.0 Released with Enhanced MS Office and PDF File VerificationClamAV 1.5.0 is now available with new features that strengthen malware detection in Microsoft Office and PDF documents. This update marks a significant step forward for users who need reliable and thorough scanning of encrypted files and embedded links. Alongside improved file c…GBHACKERS.COM
8 OctPhishers turn 1Password’s Watchtower into a blind spot | CSO Onlinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.csoonline.com/article/4068754/phishers-turn-1passwords-watchtower-into-a-blind-spot.htmlSH.ITJUST.WORKS
8 OctVirtual Event Today: Zero Trust & Identity Strategies SummitJoin the virtual event we dive into the world of digital identity management and the role of zero-trust principles and associated technologies. The post Virtual Event Today: Zero Trust & Identity Strategies Summit appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctNorth Korean hackers stole over $2 billion in cryptocurrency this year - Help Net Securitysubmitted by kid to cybersecurity 3 points | 0 comments https://www.helpnetsecurity.com/2025/10/08/north-korean-hackers-cryptocurrency-theft/SH.ITJUST.WORKS
8 OctFlok License Plate SurveillanceThe company Flok is surveilling us as we drive: A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia’s 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in Septem…SCHNEIER.COM
8 OctWill AI-SPM Become the Standard Security Layer for Safe AI Adoption?How security posture management for AI can protect against model poisoning, excessive agency, jailbreaking and other LLM risks. The post Will AI-SPM Become the Standard Security Layer for Safe AI Adoption? appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctAI Takes Center Stage at DataTribe’s Cyber Innovation DayFrom defending AI agents to teaching robots to move safely, finalists at this year’s DataTribe Challenge are charting the next frontier in cybersecurity innovation. The post AI Takes Center Stage at DataTribe’s Cyber Innovation Day appeared first on SecurityWeek .SECURITYWEEK.COM
8 OctTop 10 Best Fraud Prevention Companies in 2025Fraud prevention has become one of the most important priorities for enterprises, financial institutions, and digital-first businesses in 2025. With rising cyber threats, account takeovers, synthetic identities, financial crimes, phishing, and social engineering attacks, the need…GBHACKERS.COM
8 OctMiggo Security Named a Gartner® Cool Vendor in AI SecurityTel Aviv, Israel, October 8th, 2025, CyberNewsWire Miggo Security, pioneer and innovator in Application Detection & Response (ADR) and AI Runtime Defense, today announced it has been recognized as a Gartner Cool Vendor in AI Security. To us, this recognition underscores Miggo…GBHACKERS.COM
8 OctTop 10 Best Supply Chain Intelligence Security Companies in 2025In 2025, securing global supply chains is one of the top priorities for enterprises seeking business continuity, data integrity, and resilience against threats. As cyber risks, fraud, and disruption increase across physical and digital networks, leaders must adopt robust intellig…GBHACKERS.COM
8 OctMet Police Arrest Two Teens in Connection with Kido Attack - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/met-police-arrest-two-teens-kido/SH.ITJUST.WORKS
8 OctNews alert: Miggo Security lauded for preventing AI-borne attacks with behavior-aware securityTEL AVIV, Israel, Oct. 8, 2025, CyberNewswire — Miggo Security , pioneer and innovator in Application Detection & Response (ADR) and AI Runtime Defense, today announced it has been recognized as a Gartner Cool Vendor in AI Security . To … (more…) The post News alert: Mi…LASTWATCHDOG.COM
8 OctSecuring the Human-AI Boundary: Why the Future of Cybersecurity Must Train People and AI AgentsThe cybersecurity landscape is undergoing its most dramatic transformation since the dawn of the internet.KNOWBE4.COM
8 OctSnake Oilers: Realm Security, Horizon3 and PersonaIn this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares: Realm Security: A security focussed, AI-first data pipeline platform Horizon3: AI hackers! Pentesting robots!! They’re coming fer yur jerbs! Persona: Verify customer and staff ident…RISKY.BIZ
🌐 CYBER THREAT LANDSCAPE 2[−]
8 OctPolymorphic Python Malware, (Wed, Oct 8th)Today, I spoted on VirusTotal an interesting Python RAT. They are tons of them but this one attracted my attention based on some function names present in the code: self_modifying_wrapper(), decrypt_and_execute() and polymorph_code(). A polymorphic malwar…ISC.SANS.EDU
8 OctA Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain RiskWe discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.TRENDMICRO.COM
📡 INFOSEC NEWS 6[−]
8 OctAirline-mimicking fraud | Kaspersky official blogScammers are sending emails purporting to be from major airlines/airports trying to swindle money by demanding refundable deposits.KASPERSKY.COM
8 OctCrimson Collective hackers target AWS cloud instances for data theftThe 'Crimson Collective' threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies. [...]BLEEPINGCOMPUTER.COM
8 OctMicrosoft enables Exchange Online auto-archiving by defaultMicrosoft is enabling threshold-based auto-archiving by default in Exchange Online to prevent email flow issues caused by mailboxes filling up faster than expected. [...]BLEEPINGCOMPUTER.COM
8 OctMicrosoft 365 outage blocks access to Teams, Exchange Online​Microsoft is working to resolve an ongoing outage preventing users from accessing Microsoft 365 services, including Microsoft Teams, Exchange Online, and the admin center. [...]BLEEPINGCOMPUTER.COM
8 OctNew FileFix attack uses cache smuggling to evade security softwareA new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim's system and bypassing security software. [...]BLEEPINGCOMPUTER.COM
8 OctCybersecurity Awareness Month 2025: Passwords alone are not enoughNever rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders.WELIVESECURITY.COM