Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

WazirX, one of India’s popular cryptocurrency exchanges, is set to restart its operations on October 24, nearly 15 months after a cyberattack forced the platform to halt all activities. The decision to resume trading follows the approval of WazirX’s restructuring plan by Singapore’s High Court.

In July 2024, WazirX experienced a devastating cyberattack that resulted in the loss of approximately 45% of its crypto assets, valued at $234 million. This breach compelled the platform to suspend its operations indefinitely, leaving its user base without access to trading or withdrawals during a period when the cryptocurrency market witnessed substantial growth. Token prices surged across the board, increasing the stakes for users awaiting the platform’s reopening.

Court Approval and Restructuring Scheme

Earlier this year, WazirX proposed a restructuring scheme aimed at recovering and redistributing tokens covering nearly 85% of creditors’ balances. This plan requires majority approval from its user base. Following a re-vote in August, a striking 95.7% of voting creditors, accounting for 94.6% by value, endorsed the revised scheme.

The High Court of Singapore officially sanctioned the restructuring plan in mid-October, paving the way for the exchange’s return to the market. The court’s approval was a critical step for WazirX, as it legitimizes the company’s approach to restoring user funds and relaunching services.

WazirX Relaunch Strategy and User Benefits

WazirX’s comeback will begin with select crypto-to-crypto trading pairs, along with the USD/INR pair, with plans to expand market offerings gradually. To incentivize users during this relaunch phase, WazirX is introducing a "Restart Offer," which waives trading fees across all pairs for users.

While the exchange token rebalancing page is currently live, enabling users to view their adjusted holdings, WazirX is still finalizing features related to withdrawals and trading. In preparation for the relaunch, the platform completed a series of technical updates, including token swaps, mergers, delisting, migration, and any necessary rebranding.

To upgrade security and transparency moving forward, WazirX has partnered with BitGo, a well-known digital asset trust company, to safeguard users’ funds more effectively.

Reaffirming Commitment

Nischal Shetty, the founder of WazirX, addressed the community on the occasion of the relaunch. Expressing gratitude for the users’ patience during the difficult period, Shetty highlighted the company’s dedication to making cryptocurrency accessible to every Indian.

“This isn’t just a return to operations; it’s a reinforcement of our integrity, which we’ve always strived for,” Shetty remarked. His message underscored the exchange’s determination not only to resume trading but to emerge stronger and more reliable in the crypto landscape.

The resumption of WazirX’s operations marks a notable recovery from one of the most challenging periods the exchange has faced. The cyberattack in mid-2024 had a profound impact on both the company and its users, but the successful court-approved restructuring and partnership with BitGo suggest a more secure and transparent future.

 Cyber News

The U.S. government has apparently charged a former cybersecurity company official with stealing trade secrets with the intention of selling them to a Russian buyer, according to court documents and news reports. Court documents didn’t name the companies involved in the case, but Bloomberg and TechCrunch said the defendant – Peter Williams – is a former director at L3Harris Trenchant, which does vulnerability and security work for government clients.

The Cyber Express reached out to U.S. and defense attorneys and L3Harris for comment on the case and was told by a U.S. attorney that they couldn’t comment on an ongoing case. L3Harris Trenchant is not charged with wrongdoing in the matter.

The use of a Criminal Information document to bring the charges suggests the possibility of a plea deal in the case. Williams is scheduled to appear in court on October 29 for an "Arraignment and Plea Agreement Hearing," according to court records.

L3Harris Trenchant’s Sensitive Security Work

Trenchant was created following the acquisitions of Azimuth Security and Linchpin Labs by defense contractor L3Harris Technologies. According to a Trenchant information page, “Much of our work is neither public nor publicized. We work with select customers who share our ethical standards and have a formal mandate to operate in this space. Our solutions are driven by holistic analysis of real operational scenarios, yielding capabilities that are tuned to thrive and survive in real-world environments.”

“We are a trusted, discreet partner furnishing security products, consultancy, training and integration services to allied governments, defense, security and law enforcement agencies,” Trenchant’s website adds. Trenchant’s solutions include vulnerability and exploit research, APIs for intelligence operations, “device and access capabilities,” and computer network operations (CNO) products.

The Charges: Stealing Trade Secrets

The two-count U.S. Criminal Information document alleges that Williams stole seven trade secrets from two unnamed companies with the intention of selling them to a Russian buyer.

The first count states that between roughly April 2022 and June 2025, Williams allegedly “did knowingly steal, and without authorization, appropriate, take, carry away, conceal, and by fraud, artifice and deception, obtain such information, to wit, seven trade secrets ... knowing and intending those secrets to be sold outside of the United States, and specifically to a buyer based in the Russian Federation (Russia).”

The second count says that between June 2025 and August 2025, Williams allegedly “did knowingly and without authorization copy, duplicate download, upload, alter, replicate, transmit, deliver, send, communicate and convey such information, that is one trade secret ... knowing and intending those secrets to be sold outside of the United States, and specifically to a buyer based in the Russian Federation (Russia).”

Both are Theft of Trade Secrets charges under Title 18, United States Code, Section 1832(a)(1) and Title 18, United States Code, Section 1832(a)(2). The U.S. seeks to collect $1.3 million in forfeited property from Williams.

 Firewall Daily

The newly released Microsoft Digital Defense Report 2025 reveals new data on global cyber threats. According to the report, more than half of all cyberattacks with known motives, 52%, are driven by extortion and ransomware.

In contrast, espionage accounts for only 4%, reflecting a shift toward financially motivated cybercrime rather than state-sponsored operations. Published on October 22, 2025, the report stresses that today’s attackers are largely opportunistic criminals seeking monetary gain rather than geopolitical advantage.

The findings show that in 80% of incidents, attackers aimed primarily to steal data. This trend highlights the universality of the threat, as organizations across every industry face mounting pressure to protect sensitive information against both small-scale criminals and organized syndicates.

Digital Defense Report 2025: Data Behind the Threat

Microsoft’s digital infrastructure gives it a unique vantage point on global cybercrime trends. Each day, the company processes over 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyzes 38 million identity-risk detections, and scans 5 billion emails for phishing and malicious content.

Automation and widely available hacking tools have enabled attackers to scale operations faster than ever. The report warns that artificial intelligence (AI) is now accelerating this process, making phishing lures, fake websites, and social-engineering content more convincing and harder to detect.

A major takeaway from the Digital Defense Report is that cybersecurity can no longer be viewed as a purely technical issue. It must be treated as a strategic business priority. The report urges leaders to integrate security into every layer of digital transformation, arguing that modern defenses are essential for long-term resilience.

For individual users, Microsoft recommends the use of multi-factor authentication (MFA), especially phishing-resistant MFA, which can block over 99% of identity-based attacks, even when criminals have stolen valid credentials.

Regional Focus: Urgency in the Adriatic

Tomislav Vračić, NTO Europe South Multi-country Cluster at Microsoft, emphasized the growing urgency across Southeast Europe:

“Across the Adriatic region, the urgency to strengthen cybersecurity awareness and readiness has never been greater,” Vračić said. “As digital transformation accelerates in Croatia, Slovenia, Serbia, Albania, Bulgaria, and neighboring markets, both public and private sectors must act decisively to safeguard critical infrastructure and citizen trust. Proactive defense is a strategic imperative for securing our shared digital future.”

The report highlights that hospitals, schools, and local governments are frequent targets of ransomware and data-theft campaigns. These institutions often lack sufficient resources to recover quickly, which makes them appealing targets. The fallout is severe, ranging from delayed medical care to disrupted education and halted public services. Because operational continuity is so critical in these sectors, attackers often succeed in extorting quick payments.

Modernization Is Non-Negotiable

Outdated security systems are no longer enough. The Digital Defense Report stresses that modernization, strong public-private collaboration, and shared threat intelligence are key to countering today’s cybercrime landscape. Governments and industries must work together to reinforce defense infrastructure before the next major wave of ransomware and data-theft attacks.

While financially motivated actors dominate, nation-state attacks continue to pose serious risks. The report identifies:

China, expanding its operations across industries and NGOs by exploiting vulnerable devices for covert access.

Iran, targeting logistics companies in Europe and the Persian Gulf, likely to disrupt trade.

Russia, extending operations beyond Ukraine and focusing on small NATO countries' businesses as potential entry points into larger networks.

North Korea, combining espionage and profit motives, often using overseas IT workers whose earnings are sent back to the regime.

 Cyber News

A critical flaw has been identified in a Rust library that demands immediate attention from developers and IT decision-makers leveraging the Rust ecosystem. The vulnerability, tracked as CVE-2025-62518, exposes serious remote code execution (RCE) risks in the widely used async tar library ecosystem.

The root of the problem lies in a boundary-parsing error within a key Rust component. The library at the center is the async-tar “family” of crates: the original async-tar library and its many forks, including the popular tokio-tar and astral-tokio-tar. According to vulnerability listings, versions of astral-tokio-tar before 0.5.6 contain the flaw. NVD records confirm it was published on October 21, 2025.

Researchers at Edera dubbed the vulnerability “TARmageddon” and described it as a boundary-parsing bug in a Rust library that can lead to RCE via file overwriting attacks, such as replacing configuration files or hijacking build back-ends.

Technical Overview of the CVE-2025-62518 Vulnerability

The issue lies in the inconsistent handling of PAX and ustar headers during TAR-file extraction in the affected Rust library. In some TAR archives, a PAX header may indicate a file size (say X bytes), while the accompanying ustar header incorrectly indicates zero bytes.

The vulnerable library uses the ustar size (zero) when advancing the stream, so it fails to skip over the actual file data, which here is a nested archive. As a result, the parser misaligns and treats headers of the nested archive as entries in the outer archive. This misalignment allows for:

File-overwriting attacks during extraction

Supply-chain poisoning via build systems or package managers

Bypassing security scanners or manifest checks by hiding nested archives

In one example scenario, an attacker crafts a malicious archive such that during extraction via the vulnerable Rust library (in a build or CI system), the hidden inner TAR injects or overwrites files unexpectedly, potentially giving the attacker remote code execution (RCE).

Scope & affected ecosystem

Because tokio-tar has over 5 million downloads and has been used widely (often as an indirect dependency), the blast radius is large. Projects known to be impacted include uv (a Python package manager), testcontainers, and wasmCloud.

The complexity is worsened by the fact that the most popular fork (tokio-tar) appears to be unmaintained (“abandonware”), meaning the fix cannot simply be pushed upstream and inherited automatically.

Disclosure timeline

The vulnerability disclosure followed a non-standard, decentralized process because of the upstream abandonment. Key dates:

August 21, 2025: Bug discovered by Edera and a minimal repro built.

August 22: Patches created and initial disclosures made to library maintainers and select downstream users under a 60-day embargo (ending October 21).

September 2: Acknowledgment from the upstream async-tar project.

October 21, 2025: Public release of advisory and patches.

Conclusion

Organizations using the affected Rust library should act quickly to address CVE-2025-62518, a high-severity RCE vulnerability in the async-tar ecosystem. The safest step is to upgrade to astral-tokio-tar version 0.5.6 or later or migrate away from unmaintained forks like tokio-tar.

If immediate patching isn’t possible, apply mitigations such as sandboxed extraction, file-size limits, and post-extraction scans, and review dependencies for indirect exposure. The TARmageddon flaw highlights that even Rust’s strong safety features can’t prevent logic bugs.

 Business

A recent publication by researchers at the University of California, Irvine, demonstrates a fascinating fact: optical sensors in computer mice have become so sensitive that, in addition to tracking surface movements, they can pick up even minute vibrations — for instance, those generated by a nearby conversation. The theoretical attack, dubbed “Mic-E-Mouse”, could potentially allow adversaries to listen in on discussions in “secure” rooms, provided the attacker can somehow intercept the data transmitted by the mouse. As is often the case with academic papers of this kind, the proposed method comes with quite a few limitations.

Specifics of the Mic-E-Mouse attack

Let’s be clear from the start — not just any old mouse will work for this attack. It specifically requires models with the most sensitive optical sensors. Such a sensor is essentially an extremely simplified video camera that films the surface of the desk at a resolution of 16×16 or 32×32 pixels. The mouse’s internal circuitry compares consecutive frames to determine how far and in which direction the mouse has moved. How often these snapshots are taken determines the mouse’s final resolution, expressed in dots per inch (DPI). The higher the DPI, the less the user has to move the mouse to position the cursor on the screen. There’s also a second metric: the polling rate — the frequency at which the mouse data is transmitted to the computer. A sensitive sensor in a mouse that transmits data infrequently is of no use. For the Mic-E-Mouse attack to even be feasible, the mouse needs both a high resolution (10,000 DPI or more) and a high polling rate (4000 Hz or more).

Why do these particular specifications matter? Human speech, which the researchers intended to eavesdrop on, is audible in a frequency range of approximately 100 to 6000 Hz. Speech causes sound waves, which create vibrations on the surfaces of nearby objects. Capturing these vibrations requires an extremely precise sensor, and the data coming from it must be transmitted to the PC in the most complete form possible — with the data update frequency being most critical. According to the Nyquist–Shannon sampling theorem, an analog signal within a specific frequency range can be digitized if the sampling rate is at least twice the highest frequency of the signal. Consequently, a mouse transmitting data at 4000 Hz can theoretically capture an audio frequency range up to a maximum of 2000 Hz. But what kind of recording can a mouse capture anyway? Let’s take a look.

[Figure: Results of the study on the sensitivity of a computer mouse’s optical sensor for capturing audio information.]

In graph (a), the blue color shows the frequency response typical of human speech — this is the source data. Green represents what was captured using the computer mouse. The yellow represents the noise level. The green corresponds very poorly to the original audio information and is almost completely drowned in noise. The same is shown in a spectral view in graph (d). It looks as though it’s impossible to recover anything at all from this information. However, let’s look at graphs (b) and (c). The former shows the original test signals: tones at 200 and 400 Hz, as well as a variable frequency signal from 20 to 16,000 Hz. The latter shows the same signals, but captured by the computer mouse’s sensor. It’s clear that some information is preserved, although frequencies above 1700 Hz can’t be intercepted.

Two different filtering methods were applied to this extremely noisy data. First, the well-known Wiener filtering method, and second, filtering using a machine-learning system trained on clean voice data. Here’s the result.

[Figure: Spectral analysis of the audio signal at different stages of filtering.]

Shown here from left to right are: the source signal, the raw data from the mouse sensor (with maximum noise), and the two filtering stages. The result is something very closely resembling the source material.

So what kind of attack could be built based on such a recording? The researchers propose the following scenario: two people are holding a conversation in a secure room with a PC in it. The sound of their speech causes air vibrations, which are transmitted to the tabletop, and from the tabletop to the mouse connected to the PC. Malware installed on the PC intercepts the data from the mouse, and sends it to the attackers’ server. There, the signal is processed and filtered to fully reconstruct the speech. Sounds rather horrifying, doesn’t it? Fortunately, this scenario has many issues.

Severe limitations

The key advantage of this method is the unusual attack vector. Obtaining data from the mouse requires no special privileges, meaning security solutions may not even detect the eavesdropping. However, not many applications access detailed data from a mouse, which means the attack would require either writing custom software, or hacking/modifying specialized software that is capable of using such data.

Furthermore, there are currently not many mouse models with the required specifications (resolution of 10,000 DPI or higher, and polling rate of 4000 Hz or more). The researchers found about a dozen potential candidates and tested the attack on two models. These weren’t the most expensive devices — for instance, the Razer Viper 8KHz costs around $50 — but they are gaming mice, which are unlikely to be found connected to a typical workstation. Thus, the Mic-E-Mouse attack is future-proof rather than present-proof: the researchers assume that, over time, high-resolution sensors will become standard even in the most common office models.

The accuracy of the method is low as well. At best, the researchers managed to recognize only 50 to 60 percent of the source material. Finally, we need to consider that for the sake of the experiment, the researchers attempted to simplify their task as much as possible. Instead of capturing a real conversation, they were playing back human speech through computer speakers. A cardboard box with an opening was placed on top of the speakers. This opening was covered with a membrane with the mouse on top of it. This means the sound source was not only artificial, but also located mere inches from the optical sensor! The authors of the paper tried covering the hole with a thin sheet of paper or cardboard, and the recognition accuracy immediately plummeted to unacceptable levels of 10–30%. Reliable transmission of vibrations through a thick tabletop isn’t even a consideration.

Cautious optimism and security model

Credit where it’s due: the researchers found yet another attack vector that exploits unexpected hardware properties — something no one had previously thought of. For a first attempt, the result is remarkable, and the potential for further research is undoubtedly there. After all, the U.S. researchers only used machine learning for signal filtering. The reconstructed audio data was then listened to by human observers. What if neural networks were also used for speech recognition?

Of course, such studies have an extremely narrow practical application. For organizations whose security model must account for even such paranoid scenarios, the authors of the study propose a series of protective measures. For one, you can simply ban connecting mice with high-resolution sensors — both through organizational policies and, technically, by blocklisting specific models. You can also provide employees with mousepads that dampen vibrations. The more relevant conclusion, however, concerns protection against malware: attackers can sometimes utilize completely atypical software features to cause harm — in this case, for espionage. So it’s worth identifying and analyzing even such complex cases; otherwise, it may later be impossible to even determine how a data leak occurred.

 Feed

E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client

 Feed

Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. "Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards," Palo Alto Networks Unit 42 researchers

 Feed

AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you're in security, that excitement often comes with a sinking feeling. Because while everyone else is racing ahead, you're left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control. Join our upcoming webinar and learn how to make AI

 Feed

Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target. This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked

 Feed

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security

 Feed

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. "Some of these [companies] are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea's current efforts to scale up its

 Data loss

A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers. Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio. All this and more is discussed in episode 440 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.
