Exploits Network Ransomware Vulnerabilities 2 Min Read October 10, 2025 Zero-day in file-sharing software leads to RCE, and attacks are ongoing Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available…
Identity Management SaaS Security 5 Min Read October 9, 2025 SaaS Breaches Start with Tokens – What Security Teams Must Watch Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen…
Linux Ransomware Vulnerabilities Windows 25 Min Read October 8, 2025 Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the…
Ransomware Supply Chain 2 Min Read October 8, 2025 Cyber-Attack Contributes to Huge Sales Drop at JLR Jaguar Land Rover (JLR) has revealed a 25% drop in volume sales in the three months up to September 30, largely as a result of the ongoing…
Exploits Malware Network Vulnerabilities 3 Min Read October 8, 2025 Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass in the Service Finder Bookings plugin…
Security 3 Min Read October 8, 2025 Salesforce refuses to pay ransom over widespread data theft attacks Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that…
Data Breach Exploits Ransomware Vulnerabilities 3 Min Read October 7, 2025 Clop raid on Oracle E-Business Suite started months ago, researchers warn Security boffins say the Clop cybercriminal gang has been rummaging through Oracle's E-Business Suite (EBS) for months – and now the…
Exploits Malware Supply Chain Vulnerabilities 3 Min Read October 7, 2025 Researchers Uncover 13-Year-Old Redis Flaw Impacting Nearly 330,000 Instances Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua…
Cybersecurity Hacking News 20 Min Read October 6, 2025 ⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
Akira Android Apple Artificial Intelligence AWS Azure backdoor C2 CloudFlare command-and-control conti CVE-2021-43798 CVE-2023-21563 cve-2023-24932 CVE-2024-58260 CVE-2025-10547 CVE-2025-10725 CVE-2025-27915 cve-2025-30247 cve-2025-4008 CVE-2025-41250 CVE-2025-41251 CVE-2025-41252 CVE-2025-43400 cve-2025-49844 CVE-2025-52906 CVE-2025-57714 CVE-2025-59934 CVE-2025-59951 CVE-2025-61882 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 DDoS denial-of-service exploit firewall Google Cloud ics identity iOS leak macOS Malware Microsoft Mobile Nation-state PCI-DSS Phishing Privacy privilege escalation Ransomware Social Engineering Software Supply Chain spam Spyware state-sponsored Stealer VPN Windows XSS Zero-Day 2 Min Read October 6, 2025 Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
Breach conti Phishing Ransomware Supply Chain 2 Min Read October 6, 2025 Renault Informs Customers of Supply Chain Data Breach Carmaker Renault has been forced to notify an unspecified number of customers that their personal data may have been compromised by threat…
Ransomware Supply Chain 5 Min Read October 5, 2025 How Can IT Security Professionals Best Navigate the CMMC Maze? For companies still treating the Cybersecurity Maturity Model Certification (CMMC) as an IT-only concern, the risks are growing. Developed by…
Malware Phishing Ransomware Vulnerabilities 8 Min Read October 5, 2025 Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…
Ransomware Supply Chain Vulnerabilities 2 Min Read October 4, 2025 Clop Ransomware Targets Oracle E-Business Suite: Extortion Wave Hits Global Enterprises A new wave of extortion attacks linked to the Clop ransomware group has recently shaken organizations using Oracle E-Business Suite (EBS),…
Security 2 Min Read October 3, 2025 Renault and Dacia UK warn of data breach impacting customers Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was…
Ransomware Supply Chain 7 Min Read October 3, 2025 Revolutionizing Third Party Risk Management: The Future with Autonomous Pen-Testing In today’s interconnected digital landscape, businesses are more dependent than ever on third-party vendors and partners. While these…
Ransomware Supply Chain 4 Min Read October 3, 2025 Japan’s Beer Taps Fear Running Dry as Cyberattack on Asahi Disrupts Production Japan’s largest brewery, Asahi Group Holdings, is racing against time as it struggles to recover from a cyberattack that has severely…
Cloud Security Data Breach Ransomware Vulnerabilities 2 Min Read October 3, 2025 Red Hat Confirms Data Breach After Hackers Claim to Steal 570GB of Private GitHub Repositories Red Hat, the world’s leading enterprise open-source software provider, has officially confirmed a significant security incident…
Cyber Attack Cyber Attacks Cybersecurity Privacy Renault Security United Kingdom 2 Min Read October 2, 2025 Renault UK Customer Records Stolen in Third-Party Breach Renault UK is informing customers that their personal data may have been compromised following a cyberattack on one of its third-party service…
Malware Python 3 Min Read October 2, 2025 Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to…
Data Breach Supply Chain 2 Min Read October 2, 2025 Expired US Cyber Law Puts Data Sharing and Threat Response at Risk A critical US law that shields companies from legal liability when sharing cyber threat intelligence has expired after lawmakers failed to…
DDoS Malware Phishing Ransomware 2 Min Read October 2, 2025 Phishing Dominates EU-Wide Intrusions, says ENISA Phishing and vulnerability exploitation accounted for the vast majority of initial access in cyber-attacks against EU organizations over the…
Security 3 Min Read October 2, 2025 Red Hat confirms security incident after hackers breach GitLab instance Correction: After publishing, Red Hat confirmed that it was a breach of one of its GitLab instances, and not GitHub. Title and story updated.…
Security 2 Min Read October 2, 2025 Red Hat confirms security incident after hackers claim GitHub breach An extortion group calling itself the Crimson Collective claims to have breached Red Hat's private GitHub repositories, stealing nearly 570GB…
Encryption Hardware Security 3 Min Read October 1, 2025 New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security…
Data Breach Phishing Ransomware Vulnerabilities 10 Min Read October 1, 2025 Cyber Brief 25-10 – September 2025 Cyber Brief (September 2025) October 1, 2025 - Version: 1 TLP:CLEAR Executive summary We analysed 285 open source reports for this Cyber Security…
Malware Network Vulnerabilities Windows 3 Min Read October 1, 2025 Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access The of the open-source software supply chain was once again tested when JFrog’s research team uncovered a malicious package on PyPI. The…
DDoS Linux Ransomware Vulnerabilities 3 Min Read September 30, 2025 CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog The threat landscape continues to evolve rapidly and staying ahead of actively exploited vulnerabilities is key to effective cybersecurity…
Supply Chain Vulnerabilities 3 Min Read September 30, 2025 Achieving Crypto Agility Through eFPGA: A Prerequisite for Secure ASIC and SoC Designs In an era where digital threats evolve daily and quantum computing looms on the horizon, the need for true crypto agility has never been more…
Supply Chain 2 Min Read September 30, 2025 Asahi Suspends Operations in Japan After Cyber-Attack Brewing giant Asahi has suspended operations in Japan following a “system failure” caused by a cyber-attack. The firm, which is headquartered…
Artificial Intelligence Data Protection 3 Min Read September 30, 2025 Evolving Enterprise Defense to Secure the Modern AI Supply Chain The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors…
Security 3 Min Read September 29, 2025 UK govt backs JLR with £1.5 billion loan guarantee after cyberattack The UK Government is providing Jaguar Land Rover (JLR) with a £1.5 billion loan guarantee to restore its supply chain after a…
ICS/OT Supply Chain 2 Min Read September 29, 2025 National Cyber Authorities Launch OT Security Guidance National cybersecurity agencies from seven countries, including the Five Eyes nations, have released new operational technology (OT) security…
Cybersecurity Hacking News 15 Min Read September 29, 2025 Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden…
Data Breach Ransomware Supply Chain 2 Min Read September 29, 2025 Harrods Reveals Supply Chain Breach Impacting Online Customers Luxury London department store Harrods has revealed that some of its e-commerce customers have had their personal information stolen via a…
MCP Server Vulnerability 2 Min Read September 29, 2025 First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted…
Exploits Malware Vulnerabilities Windows 2 Min Read September 29, 2025 DLL Hijacking Flaw (CVE-2025-56383) Found in Notepad++, Allowing Arbitrary Code Execution, PoC Available A newly disclosed in Notepad++ v8.8.3 has been assigned CVE-2025-56383. The , rated CVSS 6.5, allows attackers to hijack Notepad++’s DLL…
Data Breach Malware Vulnerabilities Windows 8 Min Read September 28, 2025 Prompt Injection and Model Poisoning: The New Plagues of AI Security You wake up. Your AI wakes up. Somewhere, a stranger types a sentence, and your AI listens. This is not science fiction. This is the…
Legal Software 2 Min Read September 28, 2025 EU probes SAP over anti-competitive ERP support practices The European Commission is investigating potential anti-competitive practices in aftermarket services SAP provides for its on-premise ERP…
Data Breach ICS/OT Ransomware Supply Chain 3 Min Read September 26, 2025 2025 Ransomware Trends: How Australia’s Wealth Makes It a Prime Target Australia’s strong economy and high per-capita wealth have made it a prime target for ransomware groups, with the country facing a…
Supply Chain 2 Min Read September 26, 2025 JLR Begins Phased Restart of Operations After Cyber-Attack Jaguar Land Rover (JLR) has begun a phased restart of operations following the devastating cyber-attack which curtailed production activities…
AI-driven security Continuous Monitoring Critical Infrastructure Featured Offensive Security Ransomware Shinobi Security Supply Chain Varun Uppal Zero Trust 3 Min Read September 25, 2025 When Airports Go Dark: What The Weekend’s Cyber-attacks Tell Us About Business Risk Varun Uppal, founder and CEO of Shinobi Security Over the weekend, airports across Europe were thrown into chaos after a cyber-attack on one…