Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targe…
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the…
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the…
Oracle patches EBS zero-day exploited in Clop data theft attacks
Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform…
Hackers exploited Zimbra flaw as zero-day using iCalendar files
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in…
How Can IT Security Professionals Best Navigate the CMMC Maze?
For companies still treating the Cybersecurity Maturity Model Certification (CMMC) as an IT-only concern, the risks are growing. Developed by…
ParkMobile pays… $1 each for 2021 data breach that hit 22 million
ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users. But…
Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…
Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used…
Addressing the CL0P Extortion Campaign Targeting Oracle E-Business Suite (EBS) Users
Cybereason is continuing to investigate. Check the Cybereason blog for additional updates. Overview and What Cybereason Knows So Far…
Leaked Apple iPad Pro M5 benchmark shows massive improvements
A new leaked benchmark shows Apple's alleged M5 chip on an iPad, and it's almost as fast as a desktop CPU. We know that Apple is really good…
ChatGPT social could be a thing, as leak shows direct messages support
OpenAI doesn't want ChatGPT to remain just a chatbot for interacting with a large language model. OpenAI already has Sora 2, which has a…
OpenAI rolls out GPT Codex Alpha with early access to new models
OpenAI's Codex is already making waves in the vibe coding vertical, and it's now set to get even better. For those unaware, Codex runs in…
OpenAI wants ChatGPT to be your emotional support
GPT-5 isn't as good as GPT-4o when it comes to emotional support, but that changes today. As first spotted by BleepingComputer, ChatGPT has…
OpenAI prepares $4 ChatGPT Go for several new countries
OpenAI has been testing a new, cheaper ChatGPT plan called "Go," and it's now rolling out to more regions. We previously thought it…
500X Surge in Scanning Targets Palo Alto and Cisco ASA
Enterprise security teams are on high alert after an extraordinary 500% spike in mass scanning activity was detected against Palo Alto…
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by…
Massive surge in scans targeting Palo Alto Networks login portals
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses,…
Breaking Point: Storage & Backup Systems
Surging Cyber Threats: Actively Exploited Vulnerabilities in Storage and Backup Systems Enterprise storage and backup systems have become a…
New Study Warns Several Free iOS and Android VPN Apps Leak Data
Millions who rely on free mobile Virtual Private Network (VPN) apps for online privacy may actually be putting their data at greater risk,…
Discord discloses data breach after hackers steal support tickets
Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users…
Hackers steal identifiable Discord user data in third-party breach
Hackers stole partial payment information and personally identifying data associated with some Discord users after compromising a third-party…
Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login…
Clop Ransomware Targets Oracle E-Business Suite: Extortion Wave Hits Global Enterprises
A new wave of extortion attacks linked to the Clop ransomware group has recently shaken organizations using Oracle E-Business Suite (EBS),…
Opera wants you to pay $19.90 per month for its new AI browser
Opera Neon is a new browser that puts AI in control of your tabs and browsing activities, but it'll cost $19.90 per month. The AI wave is…
Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's…
Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed
A new leak site has gone live, operated by the notorious group calling itself “Scattered Lapsus$ Hunters,” (a coalition that…
Signal adds new cryptographic defense against quantum attacks
Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing…
Innovator Spotlight: Singulr AI
The AI Governance Tightrope: Enabling Innovation Without Compromising Security Cybersecurity leaders are facing a critical inflection…
Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns
The cybersecurity firm Bitsight has issued a major warning about a rapid increase in critical systems left vulnerable on the public internet.…
Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as…
Renault and Dacia UK warn of data breach impacting customers
Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was…
AI on the Frontlines: How Agentic AI is Revolutionizing Cyber Defense
Quick Summary: AI agents enable security teams to surge ahead of the most advanced threats using automated decision-making, real…
Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud
A Chinese-speaking cybercrime group is hijacking trusted Internet Information Services (IIS) worldwide to run SEO scams that redirect users to…
Japanese beer giant Asahi confirms ransomware attack
Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories…
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches,…
CommetJacking attack tricks Comet browser into stealing emails
A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow…
The Good, the Bad and the Ugly in Cybersecurity – Week 40
The Good | UK Convicts “Bitcoin Queen” in World’s Largest Cryptocurrency Seizure This week, a court in the UK convicted…
Revolutionizing Third Party Risk Management: The Future with Autonomous Pen-Testing
In today’s interconnected digital landscape, businesses are more dependent than ever on third-party vendors and partners. While these…
Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers
Cybersecurity experts are on high alert as a group claiming ties to the infamous Cl0p ransomware gang is bombarding companies with emails that…
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were…
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The…
Hackers Attempting to Exploit Grafana Vulnerability that Enables Arbitrary File Reads
Grafana, the popular open-source analytics and visualization platform, has once again become the target of a large‐scale, coordinated…