🚨 CISA KEV 2[−]
15 Oct KEVCISA Alerts on Rapid7 Velociraptor Flaw Exploited in Ransomware CampaignsThe Cybersecurity and Infrastructure Security Agency has added a critical vulnerability in Rapid7 Velociraptor to its Known Exploited Vulnerabilities catalogue, warning that threat actors are actively exploiting the flaw in ransomware attacks. The vulnerability, tracked as CVE-20…GBHACKERS.COM
15 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malici…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
15 Oct KEVOctober 2025 Patch Tuesday: Holes in Windows Server Update Service and an ancient modem driverMicrosoft’s October Patch Tuesday releases will fix 167 vulnerabilities, the highest number this year, including seven rated as critical that need immediate attention from CISOs. Separately, SAP released 13 new security notes, as well as four updates to previously released securi…CSOONLINE.COM
15 OctHackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing AttacksMicrosoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited system access to escalate their p…GBHACKERS.COM
15 OctNew SAP NetWeaver Bug Lets Attackers Take Over Servers Without LoginSAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has be…THEHACKERNEWS.COM
15 OctTwo CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial ControlCybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023…THEHACKERNEWS.COM
15 OctHackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell AccessCybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to i…THEHACKERNEWS.COM
15 OctFortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System CommandsFortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command line interface restrictions. The flaw, tracked as CVE-2025-58325, was disc…GBHACKERS.COM
15 OctFortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass AuthenticationFortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, tracked as CVE-2025-49201, was internally discovered by Gwen…GBHACKERS.COM
15 OctChrome Use-After-Free Flaw Lets Attackers Execute Arbitrary CodeGoogle has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers. The flaw, tracked as CVE-2025-11756, affects Chrome’s Sa…GBHACKERS.COM
15 Oct KEVWindows Agere Modem Driver 0-Day Exploited in Active Privilege Escalation AttacksA newly discovered zero-day vulnerability in the Windows Agere Modem driver has been actively exploited by threat actors to elevate privileges on affected systems. Tracked as CVE-2025-24052 and CVE-2025-24990, these flaws allow a low-privileged user to gain full system control wi…GBHACKERS.COM
15 OctAdobe Security Update Fixes Critical CVE-2025-49553 Bugsubmitted by kid to cybersecurity 1 points | 0 comments https://thecyberexpress.com/adobe-security-update-3/SH.ITJUST.WORKS
15 OctOperation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy RootkitsTrend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.TRENDMICRO.COM
⚠️ VULNERABILITY DISCLOSURE 31[−]
15 OctPro-Russian Hacktivists Target Government, Finance and E-Commerce SitesThe pro-Russian hacktivist collective NoName057(16) has emerged as a notable participant in a coordinated wave of cyberattacks targeting Israeli infrastructure during the October 7 anniversary period. The group claimed responsibility for multiple distributed denial-of-service (DD…GBHACKERS.COM
15 OctMicrosoft Patches 173 Vulnerabilities, Including Exploited Windows FlawsThe tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects. The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek .SECURITYWEEK.COM
15 OctAdobe Patches Critical Vulnerability in Connect Collaboration SuiteAdobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio. The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek .SECURITYWEEK.COM
15 Oct13 cybersecurity myths organizations need to stop believingThe past few years have seen a dramatic shift in how organizations protect themselves against attackers. The rise of AI and the fast-paced digitalization have changed the security landscape, making CISOs’ jobs more complex than ever before. This rapidly changing environment deman…CSOONLINE.COM
15 OctTigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code ExtensionsSophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source co…GBHACKERS.COM
15 OctAutomating Compliance and Risk with Agentic AI as CISOs (R)Evolve - Trevor Horwitz - BSW #417Still managing compliance in a spreadsheet? Don't have enough time or resources to verify your control or risk posture? And you wonder why you can't get the budget to move your compliance and risk programs forward. Maybe it's time for a different approach. Trevor Horwitz, Founder…YOUTUBE.COM
15 OctCritical Veeam Backup RCE Flaws Allow Remote Execution of Malicious CodeVeeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts. …GBHACKERS.COM
15 Oct KEVTwo New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever ShippedMicrosoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enr…THEHACKERNEWS.COM
15 OctMicrosoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary CodeA serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects the IIS Inbox COM Objects and stems from improper handling of shared memory and objects that have be…GBHACKERS.COM
15 OctApple’s Bug Bounty ProgramApple is now offering a $2M bounty for a zero-click exploit. According to the Apple website : Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to obje…SCHNEIER.COM
15 OctBeyond the checklist: Building adaptive GRC frameworks for agentic AIIf you’re like me, you’re noticing a chilling disconnect in the boardroom: The speed of agentic AI adoption vastly outpaces the maturity of our governance, risk and compliance frameworks. We have spent decades refining the GRC checklist, designing static policies and annual audit…CSOONLINE.COM
15 OctTigerJack’s malicious VSCode extensions mine, steal, and stay hiddenIn a new disclosure, security researchers revealed that a threat actor group called TigerJack has been publishing malicious extensions on Microsoft’s Visual Studio Code (VSCode) Marketplace and the OpenVSX registry to steal source code, plant cryptominers, and maintain remote acc…CSOONLINE.COM
15 OctHow Attackers Bypass Synced PasskeysTLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enter…THEHACKERNEWS.COM
15 OctIntroducing MAESTRO: A framework for securing generative and agentic AIArtificial Intelligence (AI) is advancing at a pace that outstrips traditional security frameworks. Generative AI has already changed how financial institutions analyze data, create insights and engage with customers. The next frontier, agentic AI, is even more transformative. Th…CSOONLINE.COM
15 Oct KEVFlax Typhoon exploited ArcGIS to gain long-term accessAn advanced persistent threat (APT) group, Flax Typhoon, was able to gain persistent access to the mapping tool ArcGIS for over a year, putting several enterprises at risk. ArcGIS is a geospatial platform developed by ESRI, often relied upon by organizations to understand and ana…CSOONLINE.COM
15 OctMicrosoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flawssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/SH.ITJUST.WORKS
15 OctF5 says hackers stole undisclosed BIG-IP flaws, source codeU.S. cybersecurity company F5 disclosed that it suffered a cyberattack in early August, where suspected nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. [...]BLEEPINGCOMPUTER.COM
15 OctF5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability DataF5 has not shared too much information on the threat actor, but the attack profile seems to point to China. The post F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data appeared first on SecurityWeek .SECURITYWEEK.COM
15 OctOver 100 VS Code Extensions Exposed Developers to Hidden Supply Chain RisksNew research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VSCode Marketplace or Open VSX PAT [personal…THEHACKERNEWS.COM
15 OctHackers Breach F5 and Stole BIG-IP Source Code and Undisclosed Vulnerability DataF5 Networks confirmed that a sophisticated nation-state threat actor infiltrated its systems, exfiltrating proprietary BIG-IP source code and confidential vulnerability information. The incident, which began in August 2025, targeted F5’s product development and engineering knowle…GBHACKERS.COM
15 OctCISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 DevicesToday, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly r…CISA.GOV
15 OctF5 says hackers stole undisclosed BIG-IP flaws, source codesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code/SH.ITJUST.WORKS
15 OctF5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive IntrusionU.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophi…THEHACKERNEWS.COM
15 OctFortra cops to exploitation of GoAnywhere file-transfer service defectsubmitted by kid to cybersecurity 1 points | 0 comments https://cyberscoop.com/fortra-goanywhere-vulnerability-exploitation/SH.ITJUST.WORKS
15 OctF5 network compromisedOn October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities. This information may enable threat actors to compromise F5 devic…SOPHOS.COM
15 OctMCPTotal Launches to Power Secure Enterprise MCP WorkflowsMCPTotal , a comprehensive secure Model Context Protocol (MCP) platform, today announced its flagship platform to help businesses adopt and secure MCP servers. MCP has become the standard interface for connecting AI models with enterprise systems, external data sources, and third…CSOONLINE.COM
15 OctPowerSchool hacker gets sentenced to four years in prison19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a massive data breach. [...]BLEEPINGCOMPUTER.COM
15 OctSource code and vulnerability info stolen from F5 NetworksCSOs with equipment from F5 Networks in their environment should patch their devices immediately and be alert for suspicious activity after the company acknowledged in a regulatory filing today that an unnamed threat actor stole some source code for its BIG-IP products earlier th…CSOONLINE.COM
15 Oct58% of CISOs are boosting AI security budgetsAI is no longer an experiment in the security stack — it’s becoming the centerpiece. Foundry’s 2025 Security Priorities Study finds that 58% of organizations plan to boost spending on AI-enabled security tools next year, signaling a decisive shift from curiosity to commitment. An…CSOONLINE.COM
15 OctMCPTotal Launches to Power Secure Enterprise MCP WorkflowsMCPTotal, a comprehensive secure Model Context Protocol (MCP) platform, today announced its flagship platform to help businesses adopt and secure MCP servers. MCP has become the standard interface for connecting AI models with enterprise systems, external data sources, and …GBHACKERS.COM
15 OctRisky Business #810 -- Data extortion attacks have a silver liningIn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: FBI intervenes in Scattered Spider Salesforce leaksite Clop loots Oracle E-Biz deployments Plus so much more data extortion.. At least it’s not ransomware … we guess? The US still …RISKY.BIZ
📋 SECURITY BULLETINS 5[−]
15 OctHigh-Severity Vulnerabilities Patched by Fortinet and IvantiFortinet and Ivanti have announced their October 2025 Patch Tuesday updates, which patch many vulnerabilities across their products. The post High-Severity Vulnerabilities Patched by Fortinet and Ivanti appeared first on SecurityWeek .SECURITYWEEK.COM
15 OctICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix ContactOver 20 advisories have been published by industrial giants this Patch Tuesday. The post ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact appeared first on SecurityWeek .SECURITYWEEK.COM
15 OctMicrosoft: Sept Windows Server updates cause Active Directory issuesMicrosoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems. [...]BLEEPINGCOMPUTER.COM
15 OctOctober Patch Tuesday beats January ’25 recordMicrosoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big partySOPHOS.COM
15 OctF5 releases BIG-IP patches for stolen security vulnerabilitiesCybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 13[−]
15 OctNCSC Issues Warning as UK Sees Four Cyber Attacks a WeekBritish organisations are facing an unprecedented cyber security crisis as the National Cyber Security Centre reveals a dramatic surge in attacks threatening the nation’s digital infrastructure. This alarming escalation translates to an average of four major cyber attacks t…GBHACKERS.COM
15 OctUK: 130% Spike in “Nationally Significant” Cyber Incidents - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/uk-ncsc-spike-national-cyber/SH.ITJUST.WORKS
15 OctNCSC warns companies to prepare for a day when your screens go darkThe UK’s National Cyber Security Centre warns that the country now faces four nationally significant cyberattacks every week - a 129% jump in a year. Some headlines claim the NCSC is urging organisations to “go back to pen and paper,” but the full report tells a more practical st…FORTRA.COM
15 OctBreachLock Named Representative Provider for Penetration Testing as a Service (PTaaS) in New Gartner® ReportBreachLock, the global leader in Penetration Testing as a Service (PTaaS), has been recognized as a Representative Provider in the 2025 Innovation Insight: Penetration Testing as a Service report by Gartner. The report highlights how PTaaS helps organizations increase testi…GBHACKERS.COM
15 OctSecure the Edge with Prisma Browser and the Essential EightSecure organizations' web edge with Prisma Browser for Essential Eight and ISM compliance. Palo Alto Networks fortifies applications against cyber threats. The post Secure the Edge with Prisma Browser and the Essential Eight appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
🔥 INCIDENT REPORTING 16[−]
15 OctHello Cake - 22,907 breached accountsIn July 2025, the sexual healthcare product maker Hello Cake suffered a data breach . The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.HAVEIBEENPWNED.COM
15 OctClipboard Pictures Exfiltration in Python Infostealer, (Wed, Oct 15th)For a while, clipboard content has been monitored by many infostealers. Purposes can be multiple, like simply searching and exfiltrating juicy data or on-the-fly modification like crypto-wallet swapping&#;x26;#;x5b; 1 &#;x26;#;x5…ISC.SANS.EDU
15 OctHacker attackieren Vergabeportal für öffentliche AufträgeProrussische Hacker haben die Internetseite des Deutschen Vergabeportals fast eine Woche lang lahmgelegt. ozrimoz – shutterstock Prorussische Hacker haben nach einem Bericht der Süddeutschen Zeitung (SZ) die Webseite des Deutschen Vergabeportals des Bundes in die Knie gezwungen. …CSOONLINE.COM
15 OctGhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian UsersThe GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation,…GBHACKERS.COM
15 OctDeutsche Logistik schlecht vor Cyberattacken geschütztsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_2475142117.jpg?quality=50&strip=all 3840w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_2475142117.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
15 OctHackers claim attacks on Texas electric co-ops | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/texas-electric-coops-ransomware-attack/SH.ITJUST.WORKS
15 OctCapita Fined £14m After 2023 Breach that Hit 6.6 Million People - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/capita-fined-14m-2023-breach-66/SH.ITJUST.WORKS
15 OctCustomer Service Firm 5CA Denies Responsibility for Discord Data BreachAfter being named by Discord as the third-party responsible for the breach, 5CA said none of its systems were involved. The post Customer Service Firm 5CA Denies Responsibility for Discord Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
15 OctBlackSuit Ransomware Breaches Corporate Network Using Single Compromised VPN CredentialA major manufacturing company fell victim to a swift and devastating ransomware attack after threat actors gained access using just one set of stolen VPN credentials. The attack, carried out by the cybercrime group Ignoble Scorpius, culminated in widespread encryption of virtual …GBHACKERS.COM
15 OctClothing giant MANGO discloses data breach exposing customer infoSpanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. [...]BLEEPINGCOMPUTER.COM
15 OctThe importance of hardening customer support tools against cyberattacksAs customer support tools become more connected and data-rich, they’re increasingly targeted by cyberattacks. Hardening these systems is no longer optional—it’s essential to protect customer trust, sensitive data, and business continuity. The post The importance of hardening cust…MICROSOFT.COM
15 OctFake LastPass, Bitwarden breach alerts lead to PC hijacksAn ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. [...]BLEEPINGCOMPUTER.COM
15 OctCapita to pay £14 million for data breach impacting 6.6 million peopleThe Information Commissioner's Office (ICO) in the UK has fined Capita, a provider of data-driven business process services, £14 million ($18.7 million) for a data breach incident in 2023 that exposed the personal information of 6.6 million people. [...]BLEEPINGCOMPUTER.COM
15 OctSmashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood MacA critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don't talk about enough: the human cost of defending comp…GRAHAMCLULEY.COM
15 OctHackers steal data of fashion retailer Mango’s customersSpanish fashion retailer MANGO has warned customers that there has been a data breach.GRAHAMCLULEY.COM
🕵️ THREAT INTELLIGENCE 16[−]
15 OctRealBlindingEDR Tool That Permanently Turns Off AV/EDR Using Kernel Callbackssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/realblindingedr-tool/INFOSEC.PUB
15 OctTelegram Becomes the Nerve Center for Modern Hacktivist OperationsTelegram has solidified its position as the primary coordination hub for modern hacktivist operations, according to comprehensive research analyzing over 11,000 posts from more than 120 politically motivated threat actor groups. Contrary to assumptions that such activities remain…GBHACKERS.COM
15 OctUEFI Shell Flaws Let Hackers Disable Secure Boot on Over 200,000 LaptopsSecurity researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops. These flaws expose a fundamental weakness in firmware security that could …GBHACKERS.COM
15 OctPixnapping Attack Hijacks Google Authenticator 2FA Codes in Under 30 SecondsSecurity researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile applications in under 30 seconds. Pixnapping leverages fundamental feature…GBHACKERS.COM
15 OctEnd of Support for Windows 10 Sparks Security Fears Among Millions of UsersMicrosoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance, feature updates, and security patches for one of the most widely used operatin…GBHACKERS.COM
15 OctChinese Hackers Use Geo-Mapping Tool for Year-Long PersistenceThe China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor—an attack so unique it prompted the vendor to update its documentation. The attackers repurposed a legitimate Java…GBHACKERS.COM
15 OctOracle issues second emergency patch for E-Business Suite in two weeks | CSO Onlinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.csoonline.com/article/4072174/oracle-issues-second-emergency-patch-for-e-business-suite-in-two-weeks.htmlSH.ITJUST.WORKS
15 OctStudy reveals satellites comms spilling unencrypted data • The Registersubmitted by kid to cybersecurity 3 points | 1 comments https://www.theregister.com/2025/10/14/unencrypted_satellite_comms/SH.ITJUST.WORKS
15 OctWebinar Today: Fact vs. Fiction – The Truth About API SecurityGet practical guidance to protect APIs against the threats attackers are using right now. The post Webinar Today: Fact vs. Fiction – The Truth About API Security appeared first on SecurityWeek .SECURITYWEEK.COM
15 OctWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
15 OctSecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in AtlantaPremier industrial cybersecurity conference Offers 70+ sessions, five training courses, and and ICS Village CTF competition. The post SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta appeared first on SecurityWeek .SECURITYWEEK.COM
15 OctNews Alert: MCPTotal unveils the first platform to secure Model Context Protocol workflowsNEW YORK, Oct. 15, 2025, CyberNewswire — MCPTotal , a comprehensive secure Model Context Protocol (MCP) platform, today announced its flagship platform to help businesses adopt and secure MCP servers. MCP has become the standard interface fxor connecting AI models … (more…)…LASTWATCHDOG.COM
15 Oct338 Malicious npm Packages Linked to North Korean Hackers | eSecurity Planetsubmitted by kid to cybersecurity 3 points | 0 comments https://www.esecurityplanet.com/news/338-malicious-npm-packages-linked-to-north-korean-hackers/SH.ITJUST.WORKS
15 OctChinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for MonthsA threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group's expansion to the country beyond Southeast Asia and South America. The activity, which took place from January to May 2025, has…THEHACKERNEWS.COM
15 OctISC Stormcast For Thursday, October 16th, 2025 https://isc.sans.edu/podcastdetail/9658, (Wed, Oct 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 OctIT service desks: The security blind spot that may put your business at riskCould a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.WELIVESECURITY.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
15 OctHow to spot dark web threats on your network using NDRDark web activity can hide in plain sight within everyday network traffic. Corelight's NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 5[−]
15 OctInspiring Futures: Empowering the Next Generation of Girls in TechAt Sophos, we're proud to champion the next generation of women in tech by creating early opportunities, fostering confidence, and supporting inclusive initiatives that empower girls to explore and thrive in technology.SOPHOS.COM
15 OctCyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer dataThe company, which provides cybersecurity defenses to most of the Fortune 500, said the DOJ allowed it to delay notifying the public on national security grounds.TECHCRUNCH.COM
15 OctWireTap and Battering RAM: attacks on TEEs | Kaspersky official blogWireTap and Battering RAM — two independent theoretical papers — demonstrated the feasibility of attacks on trusted execution environments (TEEs).KASPERSKY.COM
15 OctYouTube is down worldwide with playback errorYouTube is currently facing a global outage, with users reporting playback errors on both the website and mobile apps. [...]BLEEPINGCOMPUTER.COM