Internet Security

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

October 7, 2025 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Synacor Zimbra... Read more »

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

October 7, 2025 add comment
Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing easy remote code execution via License Servlet bug. A cybercrime group, tracked as Storm-1175, has been actively exploiting a... Read more »

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

October 7, 2025 add comment
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle... Read more »

U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog

October 7, 2025 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security... Read more »

Discord discloses third-party breach affecting customer support data

October 6, 2025 add comment
Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info. Discord disclosed a breach at a third-party... Read more »

Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

October 6, 2025 add comment
Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerability,... Read more »

LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme

October 6, 2025 add comment
LinkedIn sued ProAPIs and its CEO Rahmat Alam for running millions of fake accounts to scrape and sell user data, charging up to $15,000 per month. LinkedIn has filed... Read more »

Zimbra users targeted in zero-day exploit using iCalendar attachments

October 6, 2025 add comment
Threat actors exploited a Zimbra zero-day via malicious iCalendar (.ICS) files used to deliver attacks through calendar attachments. StrikeReady researchers discovered that threat actors exploited the vulnerability CVE-2025-27915 in... Read more »

Reading the ENISA Threat Landscape 2025 report

October 6, 2025 add comment
ENISA Threat Landscape 2025: Rising ransomware, AI phishing, and state-backed espionage mark a converging, persistent EU cyber threat landscape. ENISA Threat Landscape 2025 report provides a comprehensive analysis of... Read more »

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

October 5, 2025 add comment
Attackers can weaponize AWS X-Ray as a covert bidirectional C2 channel, abusing legitimate cloud tracing infrastructure for C2. Summary & Background: Before we get started, if you haven’t had... Read more »
Subscribe to our Newsletter