Western Sydney University has recently fallen victim to a scam involving fraudulent emails sent to current students and alumni. These emails falsely claimed that recipients’ degrees had been revoked and that they were permanently excluded from continuing their studies at the university.

The Scam Emails and Their Impact on Students

The scam, which has caused considerable confusion and anxiety, involved at least two different emails purportedly sent from accounts appearing legitimate. One of the emails informed students: “We regret to inform you that, following a thorough review, the decision has been made to permanently exclude you from any further study at Western Sydney University.” It went further to state that “any existing certificates or awards previously issued to you are hereby revoked,” adding that this decision, as per university policy, was final and binding.

Recipients were warned that their enrolments in all subjects would be immediately cancelled, and their access to student systems, including online learning platforms, email, and library services, would be revoked without delay. Some of those targeted reported receiving these threatening emails despite having already graduated or having never completed their studies at the institution.

Adding to the confusion, students also received a suspicious message from an email address labeled “Parking Permits,” which alleged a student had exploited vulnerabilities to generate a false parking permit and access university email accounts. The exact number of individuals affected by this university scam remains unclear, as does whether personal data beyond what was displayed in the emails has been accessed or compromised.

Western Sydney University and Police Response to the Scam in University Systems

Western Sydney University responded by confirming awareness of the fraudulent emails. A university spokesperson told 9news.com.au: “Western Sydney University is aware of fraudulent emails sent to students and graduates, with some falsely claiming that they have been excluded from the University or that their qualifications have been revoked. These emails are not legitimate and were not issued by the university. We are reaching out to inform people that the email is fraudulent and have informed NSW Police. We sincerely apologize for any concern this may have caused.”

Despite the university’s statement, some students criticized Western Sydney University for its delayed communication. Several recipients reported that they learned the emails were fake only through media reports and that attempts to contact the university by phone resulted in long hold times or no meaningful responses. One student commented, “The uni has done nothing so far and it's 10.30am. Not even an email.” Another expressed frustration: “Despite repeated attempts to contact the university, we have received no meaningful response or support. They are now being left to suffer in silence.”

Due to the ongoing nature of the investigation, Western Sydney University declined to provide further comment. This recent university scam is not the first security incident at Western Sydney University. Earlier this year, the personal information of approximately 10,000 students was leaked and appeared on the dark web.
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its flagship Gemini platform. This new program is an evolution of Google's earlier efforts to incentivize ethical hacking and vulnerability reporting, particularly after the expansion of its Abuse VRP in 2023.

That earlier initiative, which integrated AI into the traditional vulnerability reward system, yielded promising results. Since its inception, over $430,000 has been awarded to researchers for findings related solely to AI products. The success of that effort, as acknowledged by Security Engineering Managers Jason Parsons and Zak Bennett, laid the groundwork for launching a more defined and comprehensive reward system focused exclusively on AI.

Why the New Google AI VRP?

Google admits that until now, the scope of AI-related bug reports was ambiguous. Researchers were unsure which types of issues qualified for rewards and where to report certain bugs. As a response, the company has created a standalone AI VRP, combining both security vulnerabilities and abuse issues under a single reward structure.

Parsons and Bennett noted that the lack of clarity was a key concern: “We’ve heard that the scope of AI rewards wasn’t always clear,” they said. The updated program addresses this by defining specific categories and aligning rewards based on impact, novelty, and product sensitivity.

What Counts as a Vulnerability?

The AI VRP outlines eight distinct categories, ranging from S1 to A6:

- S1: Rogue Actions – Attacks that can alter a victim's account or data with significant security consequences (up to $20,000).
- S2: Sensitive Data Exfiltration – Leaks involving personal or sensitive data.
- A1 to A6 – Cover scenarios such as phishing enablement, model theft, context manipulation, access control bypass, unauthorized product usage, and cross-user denial of service.

Depending on the severity and creativity of the report, bonuses can raise the total reward to $30,000.

What’s Not Covered?

Google has made it clear that content-related issues, such as hallucinations, alignment problems, prompt injections, and jailbreaks, are not covered under the AI VRP. These issues, though acknowledged as important, require long-term analysis and model refinement, which doesn’t align with the structure of VRPs. Instead, Google urges users to report these issues using in-product feedback tools.

“We don't believe a Vulnerability Reward Program is the right format for addressing content-related issues,” the company states, adding that such concerns need cross-disciplinary solutions involving model updates, content reviewers, and broader trend analysis. Still, the company encourages users to continue submitting such feedback — just through the right channels.

Key AI Products in Scope

Google has categorized its AI products into three tiers under the new VRP:

- Flagship Tier: Includes high-profile tools like Google Search, Gemini Apps (across Web, Android, iOS), and core Google Workspace apps such as Gmail, Docs, Sheets, and Meet. These offer the highest payouts.
- Standard Tier: Covers products like AI Studio, Jules, and non-core Workspace tools like NotebookLM and AppSheet.
- Other Tier: Encompasses miscellaneous AI features in lesser-known or third-party products, often rewarded with credits instead of cash.

Notably, issues related to Vertex AI and gemini-cli remain under the jurisdiction of the Google Cloud VRP, not the AI VRP.

Reward Breakdown

Here's how payouts are structured:

Category | Flagship | Standard | Other
S1: Rogue Actions | $20,000 | $15,000 | $10,000
S2: Sensitive Data Exfiltration | $15,000 | $15,000 | $10,000
A1–A6 | Ranges from $5,000 to $500; credits in some cases

These figures can increase with multipliers for report quality and novelty. A truly innovative vulnerability report, particularly if it can hack Gemini or another flagship product, could earn up to the $30,000 maximum.
The Cyber Express is proud to announce that it is the official media partner for c0c0n 2025, India's longest-running cybersecurity and hacking conference. Now in its 17th edition, c0c0n will return to Kochi from October 7–11, 2025, with an expanded agenda that promises to bring together some of the sharpest minds in cybersecurity—from government officials to ethical hackers, researchers, and private-sector leaders.

Organized at the Grand Hyatt, Bolgatty, Kochi, c0c0n 2025 is more than just a conference—it's a dynamic forum that tackles the most pressing issues in cybersecurity, data protection, digital forensics, child safety, and online threats.

A Conference That Leads from the Front

For 17 years, c0c0n has served as a trusted platform for collaboration between law enforcement agencies, defense organizations, academia, industry, and the hacker community. The 2025 edition is no exception and is set to push the boundaries further with hands-on training, keynotes, technical tracks, and multi-stakeholder dialogues. The conference kicks off with intensive training sessions from October 7–9, followed by the main conference on October 10–11.

Deep-Dive Technical Trainings

This year’s training lineup features global security experts offering specialized courses in:

- Windows Kernel Exploitation
- Multi-Cloud Security
- Mobile App Hacking (Android & iOS)
- Automotive Security
- Red Team Operations
- OSINT, Telecom Security, and more

These trainings are designed for professionals seeking to upgrade their practical knowledge in real-world offensive and defensive cyber operations.

Spotlight on CSEA and LEA Tracks

One of the key highlights of c0c0n 2025 is the CSEA Track—a dedicated stream that focuses on Child Sexual Exploitation and Abuse (CSEA). This track facilitates collaboration between global law enforcement agencies, NGOs, and cybersecurity professionals to combat online child exploitation. The event will also feature the OCSEA Kochi Declaration, an important policy-oriented outcome from ongoing global dialogue in this space.

Additionally, the LEA Track will bring together Law Enforcement Agencies (LEAs) from around the world to discuss cross-border cybercrime cooperation, threat intelligence sharing, and legal frameworks for international cyber enforcement.
High-Stakes CTF and Interactive Villages

The Capture the Flag (CTF) competitions at c0c0n are some of the most competitive in the region, attracting both students and professionals. Online qualifiers are held in the run-up to the main event, with finalists competing live in Kochi.

Interactive villages will also return, including:

- AI Security Village
- IoT Village
- Telecom Security Zone
- Phishing Simulation Labs
- Lock Picking & Hardware Hacking Corners

These spaces provide hands-on exploration of vulnerabilities and encourage a practical understanding of the attack and defense lifecycle.

Keynote Speakers and Leadership

The speaker roster for c0c0n 2025 is composed of high-ranking officials and thought leaders in cybersecurity, including:

- Shri Govind Mohan, IAS – Union Home Secretary, Government of India
- Dr. Ajay Kumar – Chairman, UPSC; Former Defence Secretary
- Shri Navin Kumar Singh, IPS – National Cybersecurity Coordinator
- Rear Admiral Sanjay Sachdeva, NM – Director General, Defence Cyber Agency

The conference is chaired by Shri Ravada Azad Chandra Sekhar, IPS (DGP, Kerala), with advisory support from leaders such as Dr. S. Somanath (ISRO) and Lt. Gen. M.U. Nair (Retd).

Who Should Attend?

c0c0n 2025 is tailored for professionals across industries such as:

- BFSI
- Telecom
- Fintech
- Manufacturing
- Government & Defense
- IT/ITES
- E-commerce
- Healthcare
- Academia

It is an essential gathering for those involved in cyber policy, incident response, vulnerability management, penetration testing, and compliance.

The Cyber Express: At the Frontlines of Cybersecurity Journalism

As a global cybersecurity media platform powered by Cyble, The Cyber Express brings deep expertise in AI-driven threat intelligence and real-time reporting on cyber threats. With a mission to empower the digital ecosystem through verified, actionable information, The Cyber Express is thrilled to partner with c0c0n 2025.
This partnership will ensure extensive coverage of the event, including live updates, exclusive interviews, keynote takeaways, and research highlights. It is also a reaffirmation of The Cyber Express’ commitment to building resilient cyber communities by facilitating the exchange of knowledge and best practices.

How to Get Involved

Whether you're a cybersecurity professional, policymaker, student, or researcher, there are multiple ways to participate:

- Register for Trainings and Conference
- Submit Your Research
- Become a Sponsor or Exhibitor
- Engage with The Cyber Express for Live Coverage and Insights

To learn more or to register, visit the official c0c0n website. Stay connected with The Cyber Express for real-time updates and stories from c0c0n 2025.
Our experts have detected a fraudulent email campaign on behalf of well-known airlines and airports. Since the beginning of September, our solutions have detected and blocked thousands of similar emails in which scammers posed as employees of Amsterdam Schiphol, Emirates Airlines, Etihad Airways, Lufthansa, Qatar Airways, and other well-known large aviation-related companies. Our experts then started discovering similar mailings exploiting the names of companies in the oil and gas sector. The attackers are imitating normal business correspondence, pretending to be looking for new partners and targeting companies of various sizes and from various industries. The essence of the scheme boils down to convincing the recipients of emails to transfer money to the fraudsters’ accounts.

How the fraudulent scheme works

Attackers try to draw the victim into a correspondence exchange. At the first stage, they send the victim a rather innocuous email on behalf of the procurement department of a major airline or airport, in which they announce the start of a partnership program for 2025/2026, and offer them mutually beneficial cooperation.

If the recipient responds, the second stage begins: they send several documents to divert attention — registration forms for a new partner, non-disclosure agreements, and so on. These emails don’t contain malicious attachments or links, and there are no hidden scripts in the documents, so basic defense mechanisms don’t always block such correspondence. Attackers use only social engineering techniques.

In the next letter they ask to pay a certain “mandatory refundable deposit as an expression of interest” of around several thousand dollars. The purpose of this payment is supposedly to secure a priority place on the schedule for consideration of partnership proposals. And the authors of the email give assurances that once the partnership agreement is finalized the money will be returned.

How to realize there’s something wrong with the email

The letters used in this campaign look very plausible, but some inconsistencies can still be detected with the naked eye. The first thing to look closely at is the sender’s email address. It often contains the name of the organization whose employees the scammers are imitating. But if you search for the company’s real website and examine email addresses listed in the contact section, you’ll see that the legitimate addresses of the airport or airline employees have a different domain name.

Sometimes attackers don’t bother to keep the From field plausible at all, and simply write the name of the imitated organization in the displayed name field, so you can see a completely unrelated domain in the email address field.

The general rule for business correspondence that for some reason raises suspicion: if there are any doubts, you can write a letter to the address specified on the official website of the company and clarify whether an affiliate program mentioned in the emails really exists, whether the sender works for this company, and whether the address used in a suspicious email is their real email.

But the main red flag is the offer to make a deposit to “express interest”. Respectable companies don’t work that way. They choose partners, suppliers, and contractors after a serious and comprehensive business reputation check — not based on the ability to transfer a small (by their standards) amount of money.

How to protect your company from fraudsters

Ideally, you should implement solutions that prevent fraudulent, phishing and malicious emails from reaching employee inboxes in the first place. We recommend installing strong protection at the corporate email gateway level.

Another important aspect of protecting your company from cyberthreats is to increase employee awareness of scammers’ tricks and other cyberthreats. Particular attention should be paid to training for finance, sales and procurement staff. Comprehensive training sessions can be conducted, for example, via our online Kaspersky Automated Security Awareness Platform.
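One way to automate the sender checks and the deposit red flag described above for a mail-triage queue, as an added example that is not part of the original article or of any Kaspersky product. The brand "Northwind Air", its domain, the sample message and all function names are constructed for illustration; a real allow-list would hold the domains published on each imitated company's official website.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed allow-list: brand name -> domains taken from the contact
# section of the brand's real website (placeholder values here).
OFFICIAL_DOMAINS = {"Northwind Air": {"northwind-air.example"}}

# Wording of the payment request described in the article.
DEPOSIT_RE = re.compile(r"refundable\s+deposit|expression\s+of\s+interest", re.I)

SUSPICIOUS = {"lookalike-domain", "display-name-only"}

# Constructed sample message modelled on the third-stage email.
SAMPLE = (
    'From: "Northwind Air Procurement Dept" <j.smith4471@mailbox.example>\n'
    "Subject: Partnership program 2025/2026\n"
    "\n"
    "To secure a priority place, please pay the mandatory refundable deposit\n"
    "as an expression of interest.\n"
)


def _squash(text):
    """Lower-case and drop punctuation so 'Northwind-Air' matches 'northwindair'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _is_official(domain, official):
    """True for an official domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in official)


def classify_sender(from_header):
    """Compare the brand claimed in a From header with the real sending domain."""
    display, address = parseaddr(from_header)
    # Decode RFC 2047 encoded-words so an encoded display name cannot hide the brand.
    display = str(make_header(decode_header(display)))
    domain = address.rpartition("@")[2].lower()
    for brand, official in OFFICIAL_DOMAINS.items():
        key = _squash(brand)
        in_display = key in _squash(display)
        in_domain = key in _squash(domain)
        if not (in_display or in_domain):
            continue
        if _is_official(domain, official):
            return "official-domain"
        # Brand name inside a domain the brand does not own.
        if in_domain:
            return "lookalike-domain"
        # Brand only in the displayed name, unrelated domain in the address.
        return "display-name-only"
    return "no-brand-claim"


def triage(raw_message):
    """Return the sender verdict plus the deposit red flag for one message.

    Only plain, unencoded text parts are searched for the deposit wording.
    """
    msg = message_from_string(raw_message)
    sender = classify_sender(msg.get("From", ""))
    body = "\n".join(
        part.get_payload() for part in msg.walk() if not part.is_multipart()
    )
    deposit = bool(DEPOSIT_RE.search(body))
    return {
        "sender": sender,
        "deposit_request": deposit,
        "escalate": sender in SUSPICIOUS or deposit,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A verdict of `official-domain` only means the visible address matches the allow-list; it says nothing about whether the header itself was forged, which is what SPF, DKIM and DMARC checks at the gateway are for.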
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

[Image: The new extortion website tied to ShinyHunters (UNC6040), which threatens to publish stolen data unless Salesforce or individual victim companies agree to pay a ransom.]

In May 2025, a prolific and amorphous English-speaking cybercrime group known as ShinyHunters launched a social engineering campaign that used voice phishing to trick targets into connecting a malicious app to their organization’s Salesforce portal.

The first real details about the incident came in early June, when the Google Threat Intelligence Group (GTIG) warned that ShinyHunters — tracked by Google as UNC6040 — was extorting victims over their stolen Salesforce data, and that the group was poised to launch a data leak site to publicly shame victim companies into paying a ransom to keep their records private. A month later, Google acknowledged that one of its own corporate Salesforce instances was impacted in the voice phishing campaign.

Last week, a new victim shaming blog dubbed “Scattered LAPSUS$ Hunters” began publishing the names of companies that had customer Salesforce data stolen as a result of the May voice phishing campaign.

“Contact us to negotiate this ransom or all your customers data will be leaked,” the website stated in a message to Salesforce. “If we come to a resolution all individual extortions against your customers will be withdrawn from. Nobody else will have to pay us, if you pay, Salesforce, Inc.”

Below that message were more than three dozen entries for companies that allegedly had Salesforce data stolen, including Toyota, FedEx, Disney/Hulu, and UPS. The entries for each company specified the volume of stolen data available, as well as the date that the information was retrieved (the stated breach dates range between May and September 2025).

[Image: Mandiant.]
On October 5, the Scattered LAPSUS$ Hunters victim shaming and extortion blog announced that the group was responsible for a breach in September involving a GitLab server used by Red Hat that contained more than 28,000 Git code repositories, including more than 5,000 Customer Engagement Reports (CERs).

“Alot of folders have their client’s secrets such as artifactory access tokens, git tokens, azure, docker (redhat docker, azure containers, dockerhub), their client’s infrastructure details in the CERs like the audits that were done for them, and a whole LOT more, etc.,” the hackers claimed.

Their claims came several days after a previously unknown hacker group calling itself the Crimson Collective took credit for the Red Hat intrusion on Telegram.

Red Hat disclosed on October 2 that attackers had compromised a company GitLab server, and said it was in the process of notifying affected customers.

“The compromised GitLab instance housed consulting engagement data, which may include, for example, Red Hat’s project specifications, example code snippets, internal communications about consulting services, and limited forms of business contact information,” Red Hat wrote.

Separately, Discord has started emailing users affected by another breach claimed by ShinyHunters. Discord said an incident on September 20 at a “third-party customer service provider” impacted a “limited number of users” who communicated with Discord customer support or Trust & Safety teams. The information included Discord usernames, emails, IP address, the last four digits of any stored payment cards, and government ID images submitted during age verification appeals.

The Scattered Lapsus$ Hunters claim they will publish data stolen from Salesforce and its customers if ransom demands aren’t paid by October 10.
The group also claims it will soon begin extorting hundreds more organizations that lost data in August after a cybercrime group stole vast amounts of authentication tokens from Salesloft, whose AI chatbot is used by many corporate websites to convert customer interaction into Salesforce leads.

In a communication sent to customers today, Salesforce emphasized that the theft of any third-party Salesloft data allegedly stolen by ShinyHunters did not originate from a vulnerability within the core Salesforce platform. The company also stressed that it has no plans to meet any extortion demands.

“Salesforce will not engage, negotiate with, or pay any extortion demand,” the message to customers read. “Our focus is, and remains, on defending our environment, conducting thorough forensic analysis, supporting our customers, and working with law enforcement and regulatory authorities.”

The GTIG tracked the group behind the Salesloft data thefts as UNC6395, and says the group has been observed harvesting the data for authentication tokens tied to a range of cloud services like Snowflake and Amazon’s AWS.

Google catalogs Scattered Lapsus$ Hunters by so many UNC names (throw in UNC6240 for good measure) because it is thought to be an amalgamation of three hacking groups — Scattered Spider, Lapsus$ and ShinyHunters. The members of these groups hail from many of the same chat channels on the Com, a mostly English-language cybercriminal community that operates across an ocean of Telegram and Discord servers.

The Scattered Lapsus$ Hunters darknet blog is currently offline. The outage appears to have coincided with the disappearance of the group’s new clearnet blog — breachforums[.]hn — which vanished after shifting its Domain Name Service (DNS) servers from DDoS-Guard to Cloudflare.

But before it died, the websites disclosed that hackers were exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite software.
Oracle has since confirmed that a security flaw tracked as CVE-2025-61882 allows attackers to perform unauthenticated remote code execution, and is urging customers to apply an emergency update to address the weakness.

Mandiant’s Charles Carmichael shared on LinkedIn that CVE-2025-61882 was initially exploited in August 2025 by the Clop ransomware gang to steal data from Oracle E-Business Suite servers. Bleeping Computer writes that news of the Oracle zero-day first surfaced on the Scattered Lapsus$ Hunters blog, which published a pair of scripts that were used to exploit vulnerable Oracle E-Business Suite instances.

On Monday evening, KrebsOnSecurity received a malware-laced message from a reader that threatened physical violence unless their unstated demands were met. The missive, titled “Shiny hunters,” contained the hashtag $LAPSU$$SCATEREDHUNTER, and urged me to visit a page on limewire[.]com to view their demands.

[Image: A screenshot of the phishing message linking to a malicious trojan disguised as a Windows screenshot file.]

KrebsOnSecurity did not visit this link, but instead forwarded it to Mandiant, which confirmed that similar menacing missives were sent to employees at Mandiant and other security firms around the same time.

The link in the message fetches a malicious trojan disguised as a Windows screenshot file (Virustotal’s analysis on this malware is here). Simply viewing the booby-trapped screenshot image on a Windows PC is enough to cause the bundled trojan to launch in the background.

Mandiant’s Austin Larsen said the trojan is a commercially available backdoor known as ASYNCRAT, which is a .NET-based backdoor that communicates using a custom binary protocol over TCP, and can execute shell commands and download plugins to extend its features.

[Image: A scan of the malicious screenshot file at Virustotal.com shows it is detected as bad by nearly a dozen security and antivirus tools.]
“Downloaded plugins may be executed directly in memory or stored in the registry,” Larsen wrote in an analysis shared via email. “Capabilities added via plugins include screenshot capture, file transfer, keylogging, video capture, and cryptocurrency mining. ASYNCRAT also supports a plugin that targets credentials stored by Firefox and Chromium-based web browsers.”

Malware-laced targeted emails are not out of character for certain members of the Scattered Lapsus$ Hunters, who have previously harassed and threatened security researchers and even law enforcement officials who are investigating and warning about the extent of their attacks.

With so many big data breaches and ransom attacks now coming from cybercrime groups operating on the Com, law enforcement agencies on both sides of the pond are under increasing pressure to apprehend the criminal hackers involved. In late September, prosecutors in the U.K. charged two alleged Scattered Spider members aged 18 and 19 with extorting at least $115 million in ransom payments from companies victimized by data theft.

U.S. prosecutors heaped their own charges on the 19-year-old in that duo — U.K. resident Thalha Jubair — who is alleged to have been involved in data ransom attacks against Marks & Spencer and Harrods, the British food retailer Co-op Group, and the 2023 intrusions at MGM Resorts and Caesars Entertainment. Jubair also was allegedly a key member of LAPSUS$, a cybercrime group that broke into dozens of technology companies beginning in late 2021.

[Image: A Mastodon post by Kevin Beaumont, lamenting the prevalence of major companies paying millions to extortionist teen hackers, refers derisively to Thalha Jubair as a part of an APT threat known as “Advanced Persistent Teenagers.”]

In August, convicted Scattered Spider member and 20-year-old Florida man Noah Michael Urban was sentenced to 10 years in federal prison and ordered to pay roughly $13 million in restitution to victims.
In April 2025, a 23-year-old Scottish man thought to be an early Scattered Spider member was extradited from Spain to the U.S., where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims.
A ransomware attack last week left the Asahi brewery in Japan struggling to take orders and deliver its products domestically, as manufacturers become a favored target.
The three extortion gangs also invited other e-crime attackers to join their collaboration to share attack information and resources, in the wake of LockBit 5.0 being released.
Wanna work for a hot brand? Cyberattackers continue to evolve lures for job seekers in an impersonation campaign aimed at stealing résumés from social media pros.
While the firm did not specify which nation-state it believes the hacker is affiliated with, The New York Times reported that sources have said it is China.
Incident responders at cybersecurity firm Huntress said they initially came across the campaign while investigating a vulnerable, public-facing web application that was the source of an intrusion at the beginning of August.
“Random chat monitoring must be taboo in a constitutional state,” Federal Justice Minister Stefanie Hubig said as German officials signaled they will not vote for a controversial EU proposal known as Chat Control.
European Commission President Ursula Von der Leyen urged the EU to “urgently equip itself with a strategic capacity to respond” to Russian hybrid warfare.
The California Consumer Privacy Act, signed in 2018, gave Californians the right to send opt-out signals, but major browsers have not had to make opt-outs simple to use.
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News. "Announced shortly
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web
The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. Read more in my article on the Fortra blog.
Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders.