Patch Tuesday, October 2025 ‘End of 10’ Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two…
Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack
Spooky season is in full swing, and this extends to Microsoft's October Patch Tuesday with security updates for a frightful 175 Microsoft…
Patch Tuesday October 2025: Three Zero-days Under Attack
Microsoft’s Patch Tuesday October 2025 included fixes for 175 vulnerabilities, including three exploited zero-days and 13 additional…
Final Windows 10 Patch Tuesday update rolls out as support ends
In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final cumulative update for the…
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day…
Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four…
Oracles silently fixes zero-day exploit leaked by ShinyHunters
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a…
Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover
After discovering that hackers were exploiting a zero-day in the Chakra JavaScript engine used by Internet Explorer versions 9, 10, and 11,…
Microsoft restricts IE mode access in Edge after zero-day attacks
Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in…
AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant?
How Artificial Intelligence is transforming both cyber defense and cybercrime by Venkatesh Apsingekar, Senior Engineering Manager –…
Oracle releases emergency patch for new E-Business Suite flaw
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited…
Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Every week, the cyber world reminds us that silence doesn't mean safety. Attacks often begin quietly — one unpatched flaw, one…
Harvard investigating breach linked to Oracle zero-day exploit
Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged…
Apple Bug Bounty Payouts Can Now Top $5m
Apple has doubled its top award for ethical hacking discoveries to $2m, although security researchers could earn even more if they’re…
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow…
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884). About…
Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from…
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware…
Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)
The Zero Day Initiative (ZDI) has published details of two critical in the popular open-source compression utility 7-Zip, which could allow…
Hackers exploiting zero-day in Gladinet file sharing software
Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local…
Zero-day in file-sharing software leads to RCE, and attacks are ongoing
Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available…
Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit
The Clop ransomware group likely began targeting Oracle E-Business Suite (EBS) instances as early as August 9, successfully exfiltrating a…
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet…
Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks
An active in-the-wild exploitation of a zero-day vulnerability in Gladinet CentreStack and Triofox products. Tracked as CVE-2025-11371, the…
Google Warns of CL0P Ransomware Group Actively Exploiting Oracle E-Business Suite Zero-Day
The cybersecurity landscape faces a new and significant threat as the notorious CL0P ransomware group has launched a large-scale extortion…
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS)…
October 2025 Patch Tuesday forecast: The end of a decade with Microsoft
A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after…
CL0P Extortion: Google/Mandiant Expose Zero-Day RCE in Oracle E-Business Suite (CVE-2025-61882)
Google Threat Intelligence Group (GTIG) and Mandiant have jointly disclosed an extensive data theft and extortion campaign targeting Oracle…
Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI
Huntress has sounded the alarm over active exploitation of a newly discovered Local File Inclusion (LFI) in Gladinet CentreStack and Triofox…
RondoDox Botnet Unleashed: New Malware Uses ‘Exploit Shotgun’ to Target 50+ Router and IoT Flaws
Trend Micro has uncovered a rapidly expanding botnet campaign dubbed RondoDox, which is targeting a wide spectrum of internet-exposed devices…
RondoDox botnet targets 56 n-day flaws in worldwide attacks
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first…
ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to…
Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code
Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and…
CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks
CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite…
Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog
A cross-site scripting (XSS) in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has been confirmed to be…
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has…
Clop exploited Oracle zero-day for data theft since early August
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early…
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as…
Clop raid on Oracle E-Business Suite started months ago, researchers warn
Security boffins say the Clop cybercriminal gang has been rummaging through Oracle's E-Business Suite (EBS) for months – and now the…
CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day
A widespread campaign observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as…
Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass – PoC Released
Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall…
Attackers Deployed Medusa Ransomware via GoAnywhere MFT Zero-Day
Cybercriminals exploited a critical deserialization flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) tool—tracked as…