Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targe…
Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to…
Small Businesses and Ransomware: Navigating the AI Era Threat
Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in the crosshairs. While…
Phishing Dominates EU-Wide Intrusions, says ENISA
Phishing and vulnerability exploitation accounted for the vast majority of initial access in cyber-attacks against EU organizations over the…
Chrome Security Update – Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser
Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers…
Red Hat confirms security incident after hackers breach GitLab instance
Correction: After publishing, Red Hat confirmed that it was a breach of one of its GitLab instances, and not GitHub. Title and story updated.…
Red Hat confirms security incident after hackers claim GitHub breach
An extortion group calling itself the Crimson Collective claims to have breached Red Hat's private GitHub repositories, stealing nearly 570GB…
Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code
Splunk has released patches for multiple vulnerabilities in its Enterprise and Cloud Platform products, some of which could allow attackers to…
Samsung and OpenAI Announce Strategic Alliance to Build Next-Generation Global AI Infrastructure
Samsung data breach Samsung has announced a strategic partnership with OpenAI to jointly advance the development of global AI infrastructure.…
Clop extortion emails claim theft of Oracle E-Business Suite data
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data…
Qualcomm Wins “Complete Victory” Over Arm in Major Chip Licensing Lawsuit
The long-standing licensing dispute between Qualcomm and Arm has finally reached its conclusion. On October 1, a U.S. District Court formally…
Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication
The Termix project has disclosed a critical authentication bypass in its official Docker image, exposing sensitive SSH configuration data…
Chrome 141 Stable Channel Update Patches High-Severity Vulnerabilities (CVE-2025-11205 & CVE-2025-11206)
The Chrome team has announced the promotion of Chrome 141 to the Stable Channel for Windows, Mac, and Linux. The release—version…
Critical Flaw CVE-2025-52906 (CVSS 9.3) Allows Unauthenticated RCE on TOTOLINK X6000R Routers
Researchers from Unit 42, Palo Alto Networks’ threat intelligence team, have disclosed three newly discovered in the firmware of the…
Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform
Splunk has released a series of advisories addressing six in Splunk Enterprise and Splunk Cloud Platform, ranging from medium to high…
Django Security Alert: High-Severity SQL Injection Flaw (CVE-2025-59681) Fixed in Latest Updates
The Django team has issued new releases for the popular Python web framework, addressing two that could lead to SQL injection and directory…
DoS Flaws in Argo CD: Unauthenticated Attackers Can Crash Kubernetes Server with Single Request
The Argo CD project has released patches addressing several denial-of-service (DoS) that could allow attackers to crash the argocd-server…
CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application
The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued a advisory warning of a critical in the Megasys Telenium Online Web…
That annoying SMS phish you just got may have come from a box like this
The researchers added: “This campaign is notable in that it demonstrates how impactful smishing operations can be executed using simple,…
Data breach at dealership software provider impacts 766k clients
A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000…
WestJet Confirms Passenger IDs and Passports Stolen in Cyberattack
WestJet, a leading Canadian airline based in Calgary, has confirmed that a cybersecurity attack exposed personal information belonging to some…
Adobe Analytics bug leaked customer tracking data to other tenants
Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances…
'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover
A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data,…
New bug in classic Outlook can only be fixed via Microsoft support
Microsoft is investigating a known issue that causes the classic Outlook email client to crash upon launch, which can only be…
Android malware uses VNC to give attackers hands-on access
A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000…
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security…
F-Droid project threatened by Google's new dev registration rules
F-Droid is warning that the project could reach an end due to Google’s new requirements for all Android developers to verify their…
Microsoft to force install Microsoft 365 companion apps in October
Later this month, Microsoft will start automatically installing the Microsoft 365 companion apps on Windows 11 devices that have the Microsoft…
Cyber Brief 25-10 – September 2025
Cyber Brief (September 2025)October 1, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 285 open source reports for this Cyber Security…
WestJet data breach exposes travel details of 1.2 million customers
This story was updated with new information on the number of customers impacted. Canadian airline WestJet is informing customers that the…
Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks
A new trend lately observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people…
Broadcom Issues Patches for VMware NSX and vCenter Security Flaws
A set of substantial security updates for VMware NSX and vCenter has been released by Broadcom, addressing multiple high-severity…
Google Drive for desktop gets AI-powered ransomware detection
Google has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it…
Navigating Complexity: CISO Strategies for Security Tool Consolidation and Budget Optimization
In the dynamic landscape of modern cybersecurity, Chief Information Security Officers (CISOs) often face a paradoxical challenge: the…
Shortcut-based Credential Lures Deliver DLL Implants
A campaign that packages credential-themed ZIP archives with malicious Windows shortcut (.lnk) files has been tracked by cybersecurity…
Allianz Life says July data breach impacts 1.5 million people
Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are…
Microsoft: Media Creation Tool broken on Windows 11 Arm64 PCs
After rolling out Windows 11 25H2, also known as Windows 11 2025 Update, Microsoft has confirmed that the Media Creation Tool has stopped…
CISA Warns of Cisco IOS and IOS XE SNMP Vulnerabilities Exploited in Attacks
Cisco’s Simple Network Management Protocol (SNMP) implementations in IOS and IOS XE have come under intense scrutiny following reports…
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if…
Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer
New research from Infoblox Threat Intel has revealed that an established, persistent group of cybercriminals, Detour Dog, has been silently…
Navigating Holiday Threats: Strengthening PC Resilience with Desktops as a Service (DaaS)
The holiday season, often seen as a time for joy and celebration, has transformed into a crucial period for organizational cybersecurity. With…
Learn How Leading Security Teams Blend AI + Human Workflows (Free Webinar)
AI is changing automation—but not always for the better. That's why we're hosting a new webinar, "Workflow Clarity: Where AI Fits in…
London Court Convicts Chinese Mastermind Behind £5bn Crypto Seizure
The mastermind behind one of China’s largest financial frauds has pleaded guilty in a London court, confessing to her role in laundering…