Cyber security aggregate rss news


Windows 10 Hits End ...

 Firewall Daily

Microsoft has officially ended support for Windows 10, affecting hundreds of millions of users worldwide. This decision comes nearly a decade after the operating system's initial release and signals the end of free security updates, bug fixes, and technical support for the platform. The termination of support leaves all Windows 10 devices exposed to security threats. Without regular updates, these systems become easy targets for cybercriminals, particularly given the OS's extensive user base. It has been well documented that hackers often exploit systems that are no longer patched, turning outdated software into a high-value target for malware and ransomware campaigns.

A Flood of Vulnerabilities for Windows 10

The Cyber Express found that thousands of known vulnerabilities have already been logged in public databases such as ExploitDB. Among the most concerning flaws identified in Windows 10 are:

CVE-2025-29824: A “use after free” issue in the Common Log File System Driver, with a CVSS score of 7.8, actively used in ransomware attacks.
CVE-2025-29809: Insecure storage in Windows Kerberos allows local bypass of security features.
CVE-2025-24997: A null pointer dereference in Windows Kernel Memory with a denial-of-service vector.
CVE-2025-24993: A heap-based buffer overflow in NTFS, marked as “known exploited,” with a high EPSS score of 2.19%.
CVE-2025-24984: Sensitive data leakage via NTFS log files, also flagged as exploited, with the highest EPSS score noted — 13.87%.

Many of these vulnerabilities allow attackers to escalate privileges, run unauthorized code, or even compromise networks remotely. Several have already been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.

The Windows 11 Upgrade Dilemma

Microsoft recommends that users upgrade to Windows 11, which remains under active support and offers improved security features. However, not all PCs are eligible for the upgrade due to stringent hardware requirements. A Forbes report highlights that around 200 million devices worldwide still running Windows 10 do not meet the technical specifications needed for a free upgrade to Windows 11.

What Are the Options for Windows 10 Users?

For users unable or unwilling to upgrade, Microsoft outlines a few paths forward:

Upgrade to Windows 11: This is the most secure option, provided the device meets system requirements. Eligible users can check via Settings > Update & Security > Windows Update to see if the upgrade is available.
Purchase a New Windows 11 PC: Users with older, incompatible systems may need to invest in new hardware that supports Windows 11 out of the box.
Extended Security Updates (ESU): A paid subscription plan is available for those who need more time before transitioning. The ESU program offers critical security patches for one additional year but comes with a cost that may not be viable for many consumers.
Continue Using Windows 10 (Unsupported): PCs running Windows 10 will still function, but without updates, they are increasingly susceptible to threats. Microsoft advises backing up data regularly and using extreme caution if choosing this route.

Office Support Is Also Affected

The end of support doesn't just apply to the operating system. As of the same date:

Office 2016 and Office 2019 are no longer supported on any OS.
Office 2021, Office 2024, and LTSC versions will still run on Windows 10, but without support or updates.

Users are encouraged to migrate to Microsoft 365 or move these licenses to a supported Windows 11 machine. Support for Office 2021 and Office LTSC 2021 will end in October 2026.

Data Backup Is Critical

Regardless of whether users upgrade, enroll in ESU, or continue using unsupported devices, backing up data is crucial. Transitioning to a new operating system or continuing with Windows 10 without security patches increases the risk of system failure and data loss.

Additionally, Microsoft advises users to securely wipe hard drives using built-in tools before recycling, reselling, or donating old devices. Trade-in and recycling programs are available via Microsoft and participating PC manufacturers.

The end of Windows 10 support introduces serious challenges for millions of PC users globally. Those unable to shift to Windows 11 are left with limited options: a costly ESU program or running an unsafe system. Given the rising number of exploits and the growing cybersecurity threat landscape, users must act promptly, whether through upgrades, data backup, or transitioning to new hardware.

UK Cyberattacks Incr ...

 Firewall Daily

The increase in UK cyberattacks continues to alarm security experts, with the National Cyber Security Centre (NCSC) revealing that it handled a record 204 nationally significant cyber incidents in the past year — more than double the 89 incidents recorded the previous year. The surge highlights the growing scale of UK cybersecurity threats, as businesses and government entities face increasingly sophisticated attacks from nation-state and criminal actors.

According to the NCSC Annual Review 2025, the country is now experiencing an average of four nationally significant cyberattacks every week, reflecting how deeply digital threats have embedded themselves into the UK’s critical sectors and economy.

But what’s most concerning is the sharp escalation in the number of highly significant cyber incidents — those capable of disrupting essential services or compromising national interests. Of the 429 total incidents handled, 18 were classified in this category, marking an almost 50% increase compared with the previous year and the third consecutive annual rise.

“This marks an almost 50% increase on incidents of this second-highest level categorisation compared with the previous year, and an increase for the third year running,” the NCSC report stated — a clear sign that the UK’s digital defences are being tested like never before.

UK Cyberattacks Increase Driven by State and Criminal Actors

The report from the NCSC, part of GCHQ, links the increase in UK cyberattacks to Advanced Persistent Threat (APT) groups — both state-sponsored and well-organised criminal gangs. These actors are targeting vital sectors such as energy, finance, and healthcare with increasingly advanced tactics.

Dr. Richard Horne, Chief Executive of the NCSC, said the findings should serve as a wake-up call to UK businesses and leaders.

“Cyber security is now a matter of business survival and national resilience,” Horne said. “With over half the incidents handled by the NCSC deemed nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace. Hesitation is a vulnerability — the time to act is now.”

Government Urges Board-Level Cyber Resilience

In response to the sharp rise in UK cyberattacks, the government has written to CEOs and board chairs of major UK organisations — including all FTSE 350 companies — urging them to make cyber resilience a top-level priority. The message underscores that cybersecurity is no longer a purely technical challenge but a strategic business risk that demands executive oversight.

Nationally significant incidents are defined as those that could have a major impact on national security, the economy, or essential services, while highly significant attacks may require a coordinated cross-government response due to their potential to cause severe and lasting disruption.

New Toolkit to Help Small Organisations

To help businesses strengthen their defences, the NCSC has launched a Cyber Action Toolkit — a new resource aimed at small organisations and sole traders. It provides simple, actionable steps to help build strong cybersecurity foundations and protect against the most common online threats.

The centre is also urging businesses to adopt the Cyber Essentials certification scheme, which helps organisations safeguard against routine attacks. As an added benefit, eligible UK organisations with an annual turnover below £20 million receive free cyber liability insurance upon full certification.

Urgent Call for Action

The NCSC Annual Review 2025 paints a picture of a record year for UK cyberattacks and a troubling pattern of escalation in highly significant cyber incidents. For the third year in a row, the UK has seen these attacks grow both in frequency and severity. The message from the nation’s cyber experts is clear: while cyberattacks on the UK are inevitable, their impact can be reduced. Strengthening cyber resilience, investing in security measures, and acting decisively today are the only ways to protect tomorrow’s digital Britain.

Credential Attacks D ...

 Cyber News

A managed security services provider has detected credential attacks on SonicWall SSLVPN devices. The attacks, reported by Huntress, involve “widespread compromise” of SonicWall SSLVPN devices. “Threat actors are authenticating into multiple accounts rapidly across compromised devices,” the service provider said. “The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing.”

Report Follows SonicWall Backup Advisory

The report follows a SonicWall advisory that an unauthorized party had accessed firewall configuration backup files for all SonicWall customers who have used the company’s cloud backup service. The configuration files contain encrypted credentials and configuration data, and the encryption would make credential exploitation challenging, but SonicWall nonetheless noted that “possession of these files could increase the risk of targeted attacks.”

Huntress said there is “no evidence” to link the credential attacks to the SonicWall backup breach, but urged users to follow SonicWall’s guidance and take additional steps.

SonicWall SSLVPN Attacks Widespread

The SonicWall SSLVPN credential attacks have occurred across “multiple customer environments,” Huntress said. Much of the attack activity started on October 4, “with clustered authentications occurring over the course of the following two days.” As of October 10, more than 100 SonicWall SSLVPN accounts across 16 customer environments had been affected, the service provider said. Authentication attempts on the SonicWall devices originated from the IP 202.155.8[.]73.

“In some instances, the actors did not appear to generate further adversarial activity in the network, disconnecting after a short period,” the service provider said. “In other cases, there was evidence of post-exploitation activity, with the actors conducting network scanning activity and attempting to access numerous local Windows accounts.”

Protecting Against SonicWall Credential Attacks

Actions recommended by Huntress include:

Restricting WAN management and remote access wherever possible
Disabling or limiting HTTP, HTTPS, SSH, SSL VPN and inbound management until credentials are reset
Resetting all secrets and keys on affected devices, including local admin accounts, VPN pre-shared keys, LDAP/RADIUS/TACACS+ bind credentials, wireless PSKs and SNMP credentials
Revoking external API keys, dynamic DNS, SMTP/FTP credentials and “any automation secrets that touch the firewall or management systems”
Increasing logging and reviewing recent logins and configuration changes for suspicious activity
After resetting, reintroducing services one by one and monitoring for the reappearance of unauthorized access
Enforcing multi-factor authentication (MFA) for all admin and remote accounts and applying least privilege to management roles

The Cyber Express has reached out to SonicWall for comment and will update this article with any further information.

Patch Tuesday Octobe ...

 Cyber News

Microsoft’s Patch Tuesday October 2025 included fixes for 175 vulnerabilities, including three exploited zero-days and 13 additional high-risk vulnerabilities. The three zero-days under attack were quickly added to CISA’s Known Exploited Vulnerabilities (KEV) database.

One of those vulnerabilities is CVE-2025-59230, a 7.8-severity Elevation of Privilege vulnerability in Windows Remote Access Connection Manager. Microsoft notes that “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) were credited with the vulnerability discovery.

The second zero-day added to CISA KEV is CVE-2025-24990, a 7.8-rated Elevation of Privilege vulnerability in the Windows Agere Modem Driver, a third-party driver that ships natively with supported Windows operating systems. The ltmdm64.sys driver has been removed in the October cumulative update. “Fax modem hardware dependent on this specific driver will no longer work on Windows,” Microsoft noted, adding that users should remove “any existing dependencies on this hardware.”

CVE-2025-47827, a 4.6-rated Secure Boot bypass in IGEL OS before 11, was also labeled “exploitation detected” by Microsoft and added to the CISA KEV database.

The October 2025 update is also the last for Windows 10, which has reached end-of-life and is no longer supported.

Other vendors issuing Patch Tuesday fixes today include Ivanti, Adobe, Fortinet and SAP. The SAP updates include two maximum-severity SAP NetWeaver fixes.

Patch Tuesday October 2025: Two 9.8 Vulnerabilities

The 13 Microsoft vulnerabilities labeled “exploitation more likely” included two 9.8-severity vulnerabilities.

CVE-2025-59287 is a 9.8-rated Remote Code Execution vulnerability in Windows Server Update Service (WSUS). “Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network,” Microsoft said. “A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.” The attack complexity is low and it requires no privileges or user interaction. Microsoft acknowledged “MEOW” for the contribution, with no other identifying information.

CVE-2025-59246 is a 9.8-rated Azure Entra ID Elevation of Privilege vulnerability that requires no customer action to resolve; Microsoft credited Dylan Ryan-Zilavy for the find.

Other High-risk Vulnerabilities

The other 11 Microsoft vulnerabilities at elevated risk of exploitation include:

CVE-2025-24052, a 7.8-rated Windows Agere Modem Driver Elevation of Privilege vulnerability.
CVE-2025-59199, a 7.8-severity Software Protection Platform (SPP) Elevation of Privilege vulnerability. “Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally,” Microsoft noted.
CVE-2025-58722, a 7.8-rated Microsoft DWM Core Library Elevation of Privilege vulnerability. The heap-based buffer overflow could allow an authorized attacker to elevate privileges locally.
CVE-2025-55694, a 7.8-severity Windows Error Reporting Service Elevation of Privilege vulnerability involving improper access control, which could allow an authorized attacker to elevate privileges locally.
CVE-2025-55692, a 7.8-rated Windows Error Reporting Service Elevation of Privilege vulnerability involving improper input validation, which could allow an authorized attacker to elevate privileges locally.
CVE-2025-55680, a 7.8-severity Windows Cloud Files Mini Filter Driver Elevation of Privilege vulnerability. A time-of-check time-of-use (TOCTOU) race condition could allow an authorized attacker to elevate privileges locally.
CVE-2025-59194, a 7.0-rated Windows Kernel Elevation of Privilege vulnerability. Use of an uninitialized resource in the Windows Kernel could allow an authorized attacker to elevate privileges locally.
CVE-2025-59502, a 7.5-severity Remote Procedure Call Denial of Service vulnerability. Uncontrolled resource consumption in Windows Remote Procedure Call could allow an unauthorized attacker to deny service over a network.
CVE-2025-55693, a 7.4-rated Elevation of Privilege/Use After Free vulnerability in the Windows Kernel that could allow an unauthorized attacker to elevate privileges locally.
CVE-2025-48004, a 7.4-severity Elevation of Privilege/Use After Free vulnerability in the Microsoft Brokering File System that could allow an unauthorized attacker to elevate privileges locally.
CVE-2025-55681, a 7.0-rated Desktop Window Manager (DWM) Elevation of Privilege/Out-of-Bounds Read vulnerability that could allow an authorized attacker to elevate privileges locally.

Why the Netherlands ...

 Cyber News

The Dutch government has invoked the Goods Availability Act (Wet Beschikbaarheid Goederen) to assert control over decisions made by Chinese-owned semiconductor firm Nexperia, citing risks to national and European technological security. The announcement, made public on October 12, revealed that the Act was invoked on September 30, 2025, by the Dutch Minister of Economic Affairs following what officials described as “serious governance shortcomings” within the company.

The intervention is designed to ensure that crucial semiconductor technologies and production capabilities remain safeguarded on Dutch and European soil. Under the order, the government now has the authority to block or reverse company decisions if they are deemed potentially harmful to national or European interests. However, Nexperia’s regular production activities will continue as usual.

Safeguarding Dutch and European Technological Capabilities

According to the ministry, the decision was driven by acute signals of governance deficiencies within Nexperia that could jeopardize the continuity of critical technological knowledge and semiconductor capabilities. The company plays a vital role in producing chips used across the European automotive and consumer electronics sectors — industries central to the continent’s economic resilience.

Officials stated that the move was “highly exceptional” and taken only because of the scale and urgency of the identified issues. “This is a measure the government uses only when absolutely necessary,” the ministry emphasized, clarifying that the action targets Nexperia alone, not the wider semiconductor sector or Chinese enterprises in general.

The Goods Availability Act allows the Dutch government to intervene when there is a risk that vital products or technologies could become unavailable during emergencies or crises. The goal, authorities said, is to prevent any loss of strategic capacity that might undermine Dutch or European economic security.

Chinese Parent Firm Calls Move “Excessive Interference”

Nexperia’s Chinese parent company, Wingtech Technology, sharply criticized the Netherlands’ intervention, calling it “an act of excessive interference driven by geopolitical bias, not by fact-based risk assessment.” In a filing to the Shanghai Stock Exchange, Wingtech announced plans to appeal the decision in court and said it was seeking assistance from the Chinese government.

Following the news, Wingtech’s shares plunged 10% at the open on Tuesday, hitting the daily trading limit for the second consecutive session. The controversy comes amid heightened scrutiny of Chinese investments in Western technology sectors, especially those related to semiconductors.

Espionage Concerns and Wider Context

The Dutch decision follows warnings from the MIVD, the country’s military intelligence agency, which earlier this year cautioned that Chinese espionage activities targeting semiconductor research were intensifying. The Netherlands, home to chip-making giant ASML, has been a focal point of concern regarding the theft of semiconductor manufacturing secrets.

Globally, tensions in the semiconductor sector have been escalating. In 2023, Wingtech was among 140 entities added to the U.S. Commerce Department’s sanctions list for actions deemed “contrary to the national security and foreign policy interests of the United States.”

This is not the first time Nexperia has faced government intervention. In 2022, the UK ordered Nexperia to sell its stake in Newport Wafer Fab, the country’s largest microprocessor factory, citing national security risks tied to Chinese ownership. The company later sold the facility to Vishay Intertechnology, a U.S.-based firm, for $177 million, more than double its purchase price amid the global chip shortage.

Nexperia Cybersecurity Breach

Adding to the controversy, Nexperia suffered a cyberattack in March 2024, during which an “unauthorized third party accessed certain IT servers.” The incident reportedly exposed sensitive documents and intellectual property, heightening concerns about data security and ransomware threats in the semiconductor industry.

At the time of writing, the company's website displayed a maintenance message stating: “We are currently performing maintenance… We strive to provide you with an optimal browsing experience by updating and improving our website regularly.”

[Image: Nexperia website maintenance notice. Source: Nexperia Official Website]

A Balancing Act Between Security and Commerce

The Dutch government’s intervention highlights a growing European unease over foreign control of critical technologies, particularly in the semiconductor supply chain. While the decision to invoke the Goods Availability Act is extraordinary, officials maintain it is a targeted and precautionary measure to protect vital national interests.

Meanwhile, the case has already rippled through global markets. Wingtech’s losses contributed to a cautious mood across Asian exchanges, even as South Korea’s Kospi index hit a record high and Japan’s Nikkei 225 slipped amid broader tech-sector volatility.

Happy DOM Security F ...

 Firewall Daily

A critical security flaw has been identified in Happy DOM, a widely used JavaScript library primarily employed for server-side rendering and testing frameworks. The vulnerability, cataloged as CVE-2025-61927, allows attackers to escape the library’s virtual machine (VM) context, leading to potential remote code execution on vulnerable systems. This flaw threatens millions of applications that depend on Happy DOM.

Understanding the VM Context Escape Vulnerability (CVE-2025-61927) in Happy DOM

The root of this vulnerability lies in the improper isolation of the Node.js VM context within Happy DOM versions 19 and earlier. The VM context is intended to act as a secure sandbox, allowing untrusted code to execute without compromising the host system. However, this isolation is flawed, enabling malicious JavaScript code to escape the sandbox and gain access to higher-level system functions.

Security researcher Mas0nShi uncovered that the vulnerability exploits the inheritance chain of JavaScript constructors. By walking up the constructor chain from the context’s objects, attackers can reach the global Function constructor, which permits the evaluation of arbitrary code strings. This effectively breaks the containment and allows code execution at the process level, bypassing the VM context safeguards.

The attack differs depending on the module system in use: CommonJS or ECMAScript modules (ESM). Systems running CommonJS are particularly exposed, as attackers can access the require() function, enabling them to import and execute additional modules, increasing the attack surface. In contrast, ESM environments limit access to import or require, reducing some capabilities but still allowing process-level information retrieval.

Scope and Impact

Happy DOM is widely adopted for server-side rendering (SSR) and testing environments that process user-generated or untrusted HTML content. The flaw impacts roughly 2.7 million users who rely on the library for rendering and testing JavaScript applications. The most at-risk applications are those that dynamically render user-controlled content, creating an opportunity for attackers to inject and execute malicious scripts.

Typical attack scenarios include:

Data Exfiltration: Attackers may gain access to sensitive environment variables, configuration files, or secret tokens.
Lateral Movement: Malicious actors could exploit network access within the environment to move laterally across systems, although Happy DOM does implement some network protections like CORS.
Code Execution: Attackers may run arbitrary commands by leveraging child processes.
Persistence: File system access could enable attackers to modify or persist malicious payloads on the host.

Technical Details and Reproduction

In CommonJS setups, attackers can obtain the require() function via the escape, allowing the import of core Node.js modules like fs to read files:

    const { Window } = require('happy-dom');
    const window = new Window({ console });
    window.document.write(`
      <script>
        const process = this.constructor.constructor('return process')();
        const require = process.mainModule.require;
        console.log('Files:', require('fs').readdirSync('.').slice(0,3));
      </script>
    `);

In ECMAScript module contexts, although importing modules is restricted, attackers can still access the process object and obtain process-level information, such as the PID:

    const { Window } = require('happy-dom');
    const window = new Window({ console });
    window.document.write(`
      <script>
        const process = this.constructor.constructor('return process')();
        console.log('PID:', process.pid);
      </script>
    `);

The crux of the issue is that the JavaScript evaluation feature in Happy DOM is enabled by default, which is not always apparent to users and poses risks when handling untrusted code.

Response and Recommendations

The vulnerability has been addressed in Happy DOM version 20, where JavaScript evaluation is disabled by default. This release also includes warnings when JavaScript evaluation is enabled in potentially insecure environments.

Users are strongly advised to upgrade to version 20 or later immediately to mitigate the risk of exploitation. For those who cannot upgrade right away, disabling JavaScript evaluation entirely is recommended unless the content processed is fully trusted.

Additional hardening can be achieved by running Node.js with the --disallow-code-generation-from-strings flag. This flag prevents string-based code generation methods like eval() and Function() from running at the process level, effectively blocking the VM context escape even if JavaScript evaluation is enabled in Happy DOM. Notably, eval() and Function() remain usable safely within the isolated Happy DOM VM context itself.

Anatomy of an Active ...

 Cyber News

Active Directory is a key target for hackers, so a recent report detailing Active Directory attack techniques contains useful lessons for security defenders. The attack, which targeted the critical NTDS.dit file at the core of Active Directory, was detailed in a blog post by Trellix Staff Research Scientist Maulik Maheta.

“In a Windows domain environment, Active Directory (AD) is the central nervous system that governs who can log in, what they can access, and how trust is enforced throughout the organization,” Maheta wrote. “For an attacker, compromising the NTDS.dit file is equivalent to discovering the blueprint of your digital identity system,” he wrote.

Active Directory Attack is 'Identity Theft on the Infrastructure Level'

NTDS.dit is the NT Directory Services Directory Information Tree and “contains the domain's entire database,” storing user accounts, group policies, computer objects and password hashes for all domain users, including privileged accounts such as Domain Administrators.

With the right tools and access to the SYSTEM hive for decryption, attackers "can extract these hashes, crack passwords offline, and impersonate anyone,” Maheta wrote. “They no longer need to phish your users or brute-force logins; they now have the keys to the kingdom.”

Once they hold administrative privileges on a host, attackers often use native tools such as vssadmin to create a Volume Shadow Copy (VSS) and bypass file locks. They can then extract NTDS.dit, repair it with the esentutl database utilities, and then perform a credential dump with tools like SecretsDump, Mimikatz, or a simple copy command, “all without triggering traditional alarms.”

“This is why stealing NTDS.dit is so dangerous,” Maheta wrote. “It's not just data loss; it's also identity theft on the infrastructure level.”

Active Directory Attack Steps

Maheta outlined the attack in four steps.

The first step after obtaining network access is stealing password hashes through methods such as DCSync, extracting hashes from ntds.dit, or extracting hashes from the lsass.exe process memory that stores hashes for currently logged-in users.

The attacker can then use the Pass the Hash method to authenticate as a user using a stolen password hash, launching cmd.exe using the stolen hash, or using it to connect to network resources that support NTLM authentication.

From there, the attacker can move laterally through the network by, for example, using the PSExec tool to execute commands on remote systems, “thereby expanding their footprint and repeating the cycle of credential theft and lateral movement on an increasing number of systems.”

An attacker with access to a domain controller's file system could exfiltrate NTDS.dit and the HKEY_LOCAL_MACHINE\SYSTEM registry hive needed to retrieve the Boot Key for decrypting the NTDS.dit file. AD places a file system lock on the ntds.dit file to thwart attempts to copy it, but Maheta noted a few ways around that protection:

Taking a snapshot of the volume with VSS, then extracting the NTDS.dit file from it
Using a PowerShell utility to copy files while in use
Creating Active Directory installation media files using a built-in program like DSDBUtil.exe or NTDSUtil.exe

“The theft of the NTDS.dit file is more than just a data breach; it is a complete loss of identity, trust, and control within a Windows domain,” Maheta concluded. “What makes this threat particularly dangerous is its stealth: attackers frequently use native tools, low-noise techniques, and encrypted exfiltration to avoid detection.”

Trellix NDR can help, he said, by detecting “subtle behavioral patterns and exfiltration attempts that traditional defenses miss.”

 Government

California's governor signed a bill that requires chatbot operators to set up a system to prevent suicidal ideation — an issue that several federal lawmakers have also focused on in recent months.

 Feed

Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains. "TA585 is notable because it

 Feed

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to

 Feed

Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love this month. Launched by CISA and the National

 Feed

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD's incomplete protections that make it possible to perform a single memory

 Feed

Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users' knowledge pixel-by-pixel. The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of

 Feed

Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your

 Feed

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded

 AI

In episode 72 of The AI Fix, GPT-5's "secret sauce" turns out to be phrases from adult websites, Irish police beg TikTokers to stop faking AI home intruders, Jeff Bezos pitches gigawatt data centers in space, OpenAI rolls out Agent Kit for drag-and-drop agents, and a Chinese startup unveils the creepiest robot head ever. Meanwhile, Graham looks askance at corporate America’s AI obsession - earnings calls full of sunshine, SEC filings full of dread - while 95% of AI pilots flop. Mark then takes you down the wire to see where your prompt actually goes: tokens, tensors, rivers of cooling water, and a billion GPU multiplications, all to tell you there are "two r’s in strawberry." All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

2025-10
Tuesday, October 14