Warning: WatchGuard Vulnerability Exposes Over 75,000 Firebox Devices Worldwide

418/68 Wednesday, October 22, 2025 Researchers from The Shadowserver Foundation have discovered that more than 75,835 WatchGuard Firebox devices exposed to the internet worldwide are vulnerable to a critical flaw tracked as CVE-2025-9242 (CVSS 9.3). This vulnerability could allow remote code execution without authentication. The majority of exposed devices are located in Europe and North […]

ThaiCERT

October 22, 2025

Researchers Demonstrate “Bring Your Own Car” (BYOC) Attack, Showing How Hackers Could Infiltrate Corporate Networks via Personal Vehicles

417/68 Wednesday, October 22, 2025 The concept of Bring Your Own Device (BYOD), where employees use personal devices for work, is now expanding into a new risk area known as Bring Your Own Car (BYOC). At the recent BSides NYC conference, researchers from cybersecurity firm Threatlight showcased a new proof-of-concept (PoC) attack demonstrating how a […]

ThaiCERT

October 22, 2025

Envoy Air, a Subsidiary of American Airlines, Impacted by Oracle EBS Cyberattack by Cl0p Ransomware Group

416/68 Tuesday, October 21, 2025 Envoy Air, a regional airline under American Airlines, has confirmed that it was affected by a cyberattack targeting Oracle E-Business Suite (EBS) systems, carried out by the Cl0p ransomware group, which is linked to the FIN11 cybercrime syndicate. The attackers added American Airlines to their leak site on the dark […]

ThaiCERT

October 21, 2025

ConnectWise Releases Patch for Vulnerabilities in Automate RMM Tool

415/68 Tuesday, October 21, 2025 ConnectWise has rolled out the Automate 2025.9 security update to fix two critical vulnerabilities in its Automate Remote Monitoring and Management (RMM) software that could allow attackers to carry out Man-in-the-Middle (MiTM) attacks by intercepting and manipulating communications between agents and servers. The first flaw, CVE-2025-11492 (CVSS 9.6, Critical), stems […]

ThaiCERT

October 21, 2025

Hackers Are Using TikTok to Spread Information-Stealing Malware via “How to Activate Software for Free” Clips

414/68 Tuesday, October 21, 2025 Threat actors are using the popular short-video platform TikTok to distribute information-stealing malware by posting short clips that claim to teach viewers how to unlock or activate software and services for free – for example, Windows, Microsoft 365, Adobe Photoshop, Spotify Premium, and Netflix. The technique used in these attacks […]

ThaiCERT

October 21, 2025

Europol Dismantles SIM Farm Network Supporting Over 49 Million Fake Accounts Worldwide

413/68 Monday, October 20, 2025 The European Union law enforcement agency Europol announced the successful takedown of a cybercrime network operating under a Cybercrime-as-a-Service (CaaS) model, as part of Operation SIMCARTEL. The network offered SIM Farm rental services that enabled global online crimes such as phishing and investment fraud. The operation included 26 raids, resulting […]

ThaiCERT

October 20, 2025

Hacker Group Winos 4.0 Expands Attacks to Japan and Malaysia Using HoldingHands RAT

412/68 Monday, October 20, 2025 Researchers at Fortinet have revealed that the hacker group Winos 4.0 (also known as ValleyRAT) is expanding its operations from China and Taiwan into Japan and Malaysia, using phishing campaigns to distribute the HoldingHands RAT (also tracked as Gh0stBins), a Remote Access Trojan that enables remote control of compromised machines. […]

ThaiCERT

October 20, 2025

Have I Been Pwned Reveals Possible Data Breach Affecting 17.6 Million Prosper Users

411/68 Monday, October 20, 2025 Have I Been Pwned (HIBP), the well-known data breach notification service founded by security expert Troy Hunt, has revealed that the recent cyberattack against Prosper, a peer-to-peer (P2P) lending platform, may have impacted as many as 17.6 million users. The stolen data reportedly includes a wide range of sensitive personal […]

ThaiCERT

October 20, 2025

Capita Fined £14 Million Over Data Breach Affecting More Than 6.6 Million People

410/68 Friday, October 17, 2025 The UK Information Commissioner’s Office (ICO) has fined Capita £14 million (approximately $18.7 million) following a 2023 data breach that exposed the personal information of more than 6.6 million individuals. Capita is one of the UK’s largest outsourcing and business consulting firms, providing services to government bodies such as local […]

ThaiCERT

October 17, 2025

SAP Releases Patches to Fix Vulnerabilities in NetWeaver

409/68 Friday, October 17, 2025 SAP has issued a security update addressing 13 newly discovered vulnerabilities, including one critical flaw with the highest severity rating (CVSS 10.0), tracked as CVE-2025-42944 in SAP NetWeaver. The issue, categorized as Insecure Deserialization, allows attackers to execute malicious commands. This vulnerability can be exploited remotely without authentication via the […]

ThaiCERT

October 17, 2025