Cyber security aggregate rss news



 Cyber News

A new study that looked at 231 people exposed by a 2022 UK data leak of Afghans seeking resettlement after the Taliban takeover found that 49 had friends or colleagues killed in Afghanistan. The UK Afghan data leak report, by the charity Refugee Legal Support in consultation with two academics, looked at the damage done by the Ministry of Defence (MoD) data leak of 18,000 people who had applied for asylum. The report was submitted to a House of Commons Defence Committee inquiry into the data breach.

UK Afghan Data Leak Exposed 87% to Risk and Threats

The survey focused on 231 respondents who said they had been told directly by the MoD that their data had been exposed in the leak, which resulted from a soldier inadvertently emailing a spreadsheet. Of the 231 affected Afghans, 200 (87%) “reported personal risks and/or threats to family members,” the report said, and 207 (89%) “reported impacts on their own physical and/or mental health and the same number (207) reported negative impacts on their family’s physical and/or mental health.”

Some of the responses detailed in the report are harrowing. One respondent said, “My father was brutally beaten to the point that his toenails were forcibly removed, and my parents remain under constant and serious threat. My family and I continue to face intimidation, repeated house searches, and ongoing danger to our safety.”

“I live under constant fear for my life and the safety of my family due to repeated raids, threats from the Taliban and local intelligence groups, and the risk of forced marriage for my daughter,” said another respondent. “The ongoing stress, anxiety, and fear for my family’s well-being have severely impacted my emotional and physical well-being.”

One respondent who had relocated to the UK said fears stemming from the breach remain a constant torment for family members still in Afghanistan. “Whether it's legal advice, mental health resources, or help accelerating family reunification, anything that can ease this burden would mean the world to me,” the person said.

UK Advice Deemed Inadequate

The report also found that the advice given to the affected Afghans in the wake of the breach was largely inadequate. It described “a profound mismatch between the MoD’s security advice” – which focused on measures such as restricting the use of social media accounts and advising the use of VPNs – “and the severity of reported risks and threats, which included direct threats, violence, and displacement.”

One respondent said, “The security advice provided by the Ministry of Defence was very general and limited. They only advised me not to answer calls from unknown numbers and to secure my emails. These instructions were insufficient given the serious threats and risks I faced, including my house being searched, my brothers being summoned by intelligence services, and direct threats to our lives. Such general advice did not provide any practical help to protect my situation.”

The report also found “no evidence that the Ministry of Defence offered local risk management or follow-up with individuals outside of the UK” who were affected by the data breach and were not offered resettlement. It called for an expedited review of the remaining resettlement cases, including those of affected family members.

“As both the quantitative and qualitative data from our survey shows, the data breach has had devastating consequences for many individuals and families,” the Refugee Legal Support report said. “The UK Government must act decisively to protect those affected, restore trust, and ensure that such a failure never happens again; or that if it does, those placed at risk will not also be left alone in the dark.”


 Cyber News

Caller ID spoofing causes nearly $1 billion (EUR 850 million) in financial losses from fraud and scams each year, according to a new Europol position paper that calls for technical and regulatory solutions to fight the problem. Phone calls and texts are the primary attack vectors, accounting for about 64% of reported cases, Europol said in the report.

Caller ID spoofing is accomplished by manipulating the information displayed on the recipient’s caller ID, typically using Voice over Internet Protocol (VoIP) services or specialized apps to show a fake name or number “that appears legitimate and trustworthy,” Europol said. “The ability of malicious actors to conceal their true identity and origin, severely impedes the capacity of law enforcement agencies (LEAs) to trace and prosecute cybercriminals,” Europol said.

Caller ID Spoofing Attack Types

Europol outlined some of the caller ID spoofing attack types seen by EU law enforcement agencies. Criminals often spoof caller IDs to impersonate organizations such as banks, government agencies and utility companies, or even family members, in scam calls that pressure recipients into revealing sensitive information, making fraudulent payments or initiating money transfers under false pretenses. Tech support scammers impersonate legitimate support services to convince victims of non-existent computer problems in order to demand payment, install malware or obtain remote access for later exploitation. Caller ID spoofing is also used in swatting attacks, to make an emergency call appear to originate from the victim’s address. Organized crime networks have even set up “spoofing-as-a-service” platforms to automate caller ID spoofing, “with the aim of lowering the barrier for others to be able to commit crimes,” Europol said. “By offering such services, criminals can easily impersonate banks, LEAs or other trusted entities.”

Europol Calls for Regulatory and Technical Response

Europol surveyed law enforcement agencies across 23 countries and found significant barriers to implementing anti-spoofing measures. “This means that the combined population of approximately 400 million people remain susceptible to these types of attacks,” the report said. The agency said there is an “urgent need for a coordinated, multi-faceted approach to mitigate cross-border caller ID spoofing.” “The transnational nature of spoofing attacks demands seamless information sharing and coordinated action among Internet Service Providers (ISPs), telecommunications providers, law enforcement and regulatory bodies,” the agency said.

Among the technical controls Europol says are needed are “robust international traceback mechanisms,” including a neutral, cross-jurisdictional system for hop-by-hop tracing, standardized processes for information sharing, and APIs and signaling checks. Also needed are mechanisms for validating inbound international calls, and vendor-neutral tools with standardized interfaces for Do Not Call (DNC) and Do Not Originate (DNO) lists, unallocated number lists, blacklisting and malformed number detection. “Through multi-stakeholder collaboration, to address emerging threats and develop effective countermeasures, digital security can be significantly enhanced,” Europol said. “This will ensure citizens are better protected from the adverse effects of caller ID spoofing.”

The report also acknowledged the importance of being prepared for other mobile threats, such as SIM-based scams, anti-regulatory subleasing, the use of anonymous prepaid services in cybercrime, callback scams and smishing attacks.
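To make the controls in that list concrete, here is an added example (written for this page, not code from Europol's paper) of an inbound-call screening function that applies three of the checks Europol names, malformed number detection, a Do Not Originate list and an unallocated-number list, plus the "domestic number arriving on an international trunk" validation that inbound-international-call checking relies on. The home country code, the list contents, the '00' dialing prefix assumption and the sample calls are all constructed.

```python
# Added example, not Europol's or any operator's code. Screens inbound calls
# on their presented caller ID and the trunk the call entered on. The home
# country code, DNO list, unallocated range and sample calls are constructed.
from __future__ import annotations

import re

# E.164: a leading "+", a country code that never starts with 0, 7 to 15 digits in total.
E164 = re.compile(r"^\+[1-9]\d{6,14}$")

HOME_COUNTRY_CODE = "+32"                  # constructed: a Belgian operator
DO_NOT_ORIGINATE = {"+3225550100"}         # constructed: a bank's inbound-only line
UNALLOCATED_PREFIXES = ("+32999",)         # constructed: a range the regulator never assigned


def normalize(presented: str) -> str | None:
    """Return the presented caller ID in E.164 form, or None if it is malformed.

    Strips separators and accepts the European '00' international prefix
    (assumption: the operator's own dial plan uses '00').
    """
    digits = re.sub(r"[\s().-]", "", presented)
    if digits.startswith("00"):
        digits = "+" + digits[2:]
    return digits if E164.match(digits) else None


def screen_call(presented: str, trunk: str) -> tuple[str, str]:
    """Decide what to do with an inbound call.

    presented: the caller ID as received in signaling.
    trunk:     'domestic' or 'international', i.e. where the call entered the network.
    Returns (verdict, reason) with verdict 'block', 'flag' or 'allow'.
    """
    number = normalize(presented)
    if number is None:
        return "block", "malformed caller ID"
    if number in DO_NOT_ORIGINATE:
        return "block", "number is on the Do Not Originate list"
    if number.startswith(UNALLOCATED_PREFIXES):
        return "block", "number is in an unallocated range"
    if trunk == "international" and number.startswith(HOME_COUNTRY_CODE):
        # A domestic number should normally enter on a domestic trunk. Roaming
        # subscribers are the legitimate exception, so label rather than drop.
        return "flag", "domestic number presented on an international trunk"
    return "allow", "passed all checks"


# Constructed sample of signaling records: (presented caller ID, ingress trunk)
SAMPLE_CALLS = [
    ("+32 2 555 0100", "international"),    # spoofed bank line, on the DNO list
    ("0032 999 12345", "domestic"),          # unallocated range
    ("+32 470 12 34 56", "international"),   # domestic mobile arriving from abroad
    ("12345", "domestic"),                   # too short to be a number
    ("+1 (212) 555-0143", "international"),  # foreign number on a foreign trunk
]


def screen_batch(calls=SAMPLE_CALLS) -> dict[str, int]:
    """Count verdicts over a batch of calls."""
    counts = {"block": 0, "flag": 0, "allow": 0}
    for presented, trunk in calls:
        verdict, _ = screen_call(presented, trunk)
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    for presented, trunk in SAMPLE_CALLS:
        print(f"{presented!r:22} via {trunk:13} -> {screen_call(presented, trunk)}")
```

The DNO check is the one with the best signal-to-noise ratio: a bank's inbound-only number can never legitimately appear as the calling party, so a match is a block with no false positives. The international-trunk check, by contrast, only labels the call, because the same pattern is produced by a subscriber roaming abroad; that is also why the FCC item below speaks of alerting consumers to overseas calls rather than dropping them.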


 Cyber News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two DELMIA Apriso vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Today’s addition of CVE-2025-6204 and CVE-2025-6205 follows last month’s addition of CVE-2025-5086, which was the first industrial control system (ICS)/operational technology (OT) vulnerability added to the catalog since December 2023. (IT vulnerabilities added to the KEV catalog often affect ICS/OT products too.)

DELMIA Apriso is manufacturing operations management (MOM) and manufacturing execution system (MES) software from Dassault Systèmes that is used to manage production processes and connect factory floors to enterprise resource planning (ERP) systems. In a blog post last month, Johannes Ullrich, SANS Internet Storm Center (ISC) founder and Dean of Research for SANS Technology Institute, said DELMIA Apriso differs from the small IoT devices that are often the focus of manufacturing security in that it is “‘big software’ that is used to manage manufacturing. ... This type of Manufacturing Operation Management (MOM) or Manufacturing Execution System (MES) ties everything together and promises to connect factory floors to ERP systems. But complex systems like this have bugs, too.”

DELMIA Apriso Vulnerabilities CVE-2025-6204 and CVE-2025-6205 Under Attack

CISA typically does not say which threat groups are exploiting vulnerabilities added to the KEV catalog or how they are being exploited, and its latest DELMIA Apriso notice says only that “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” CISA gave federal civilian agencies a deadline of November 18 to patch the vulnerabilities.

CVE-2025-6205, the higher-rated of the two, is a 9.1-severity Missing Authorization vulnerability affecting DELMIA Apriso Release 2020 through Release 2025 that could allow an attacker to gain privileged access to the application. CVE-2025-6204 is an 8.0-rated Improper Control of Generation of Code (Code Injection) vulnerability affecting the same releases that could allow an attacker to execute arbitrary code. Both vulnerabilities were initially published in the National Vulnerability Database (NVD) on August 4, 2025. The Dassault Systèmes advisories for CVE-2025-6204 and CVE-2025-6205 include links for customers to access remediation information.

CVE-2025-5086, the DELMIA Apriso vulnerability added to the KEV catalog in September, is a 9.0-rated Deserialization of Untrusted Data vulnerability that also affects Release 2020 through Release 2025 and could lead to remote code execution. That vulnerability was initially published on June 2, 2025. Before CVE-2025-5086, an analysis by The Cyber Express shows that the most recent ICS/OT vulnerability added to the KEV catalog was CVE-2023-6448, a 9.8-severity Insecure Default Password vulnerability in Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs.


 Firewall Daily

Bengaluru’s Central Crime Branch (CCB) has dismantled a major international cybercrime racket, revealing a hacking operation that siphoned off ₹47 crore (approximately $5.6 million) from a private finance company in just two and a half hours. The Cyber Crime Wing of the CCB confirmed the arrest of two individuals involved in the scam, while the primary masterminds are suspected to be based in Dubai.

Massive Heist in Just Two and a Half Hours

The breach occurred on the night of October 6, when hackers infiltrated the systems of Wisdom Finance Pvt. Ltd. and executed 1,782 unauthorized transactions within two and a half hours. The stolen funds were funneled into 656 different bank accounts across India. According to the complaint filed by a senior manager of Wisdom Finance, the transactions did not originate from the firm’s official systems or registered IP addresses; they were traced to foreign IPs, notably in Hong Kong and Lithuania.

City Police Commissioner Seemant Kumar Singh stated, “This is the first of its kind of case cracked by the CCB team. We have gathered the details of the accused in Dubai, and efforts are on to track them down.” The police also announced a partial recovery of ₹10 crore (approximately $1.2 million) of the stolen funds.

Local Arrests Expose the Indian End of the Cybercrime Racket

The Cyber Crime Wing investigation led to the arrest in India of two people who acted as facilitators for the racket. The first suspect, Sanjay Patel, a 43-year-old plumber from Udaipur, Rajasthan, allegedly supplied “mule accounts” used to launder the stolen funds in exchange for a commission. Authorities traced Patel after detecting a suspicious transfer of ₹27,39,000 (around $33,000) into a State Bank of India account linked to him, as reported by The Hindu.

Further investigation uncovered another major transaction of ₹5.5 crore (about $650,000) transferred from Wisdom Finance to Unknown Technologies Pvt. Ltd., a Hyderabad-based company; the funds were then routed through a private bank account belonging to another individual. These transfers were traced to IP addresses hosted by Webyne Data Centre, which provided a crucial digital trail. Police identified Ismail Rasheed Attar, a 27-year-old digital marketing executive from Belagavi, as the person who had purchased the IP addresses used during the heist. Attar, a high school dropout, was arrested shortly afterwards.

Dubai-Based Masterminds Hired Global Hackers

Investigators say two Dubai-based masterminds orchestrated the attack. They reportedly rented five servers using the IP addresses obtained from Attar and hired hackers from Hong Kong to break into Wisdom Finance’s API systems. By exploiting security vulnerabilities, the hackers bypassed the company’s internal defenses and initiated the mass fund transfers. The CCB suspects that the Dubai-based operators coordinated over encrypted communication platforms and paid the hackers through cryptocurrency wallets. The stolen money was moved quickly through hundreds of mule accounts, making it difficult to trace. Although the two arrested suspects were low-level operatives, the evidence recovered, including IP logs, bank transaction records and communication data, has given investigators leads on the larger network.

Cross-Border Coordination to Combat Cybercrime Rackets

The Cyber Crime Wing continues to work with international law enforcement agencies to locate the primary culprits and recover the remaining funds. Officials noted that the case highlights the global and organized nature of cybercrime rackets, which often operate across multiple countries behind layers of technical anonymity. Authorities also warned businesses, particularly those handling large volumes of online transactions, to tighten their security, and urged financial institutions to deploy stricter monitoring to detect suspicious activity, especially during late-night hours when such breaches are more likely to occur.
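The monitoring the investigators call for is, at its simplest, a velocity and fan-out rule over the outbound transfer log: 1,782 transfers to 656 distinct accounts in 150 minutes, at night, from IP addresses the firm never uses, breaks any reasonable per-window threshold within the first minute. The following is an added example written for this page (not code from the CCB, Wisdom Finance or any vendor) that runs such a rule over a constructed log; the registered egress range, the thresholds, the timestamps, account numbers and IP addresses (taken from the documentation ranges, not the real attacker infrastructure) are all assumptions.

```python
# Added example, not from the CCB or Wisdom Finance. A sliding-window
# velocity/fan-out rule over a constructed transfer log. Registered egress
# range, thresholds, amounts, account names and IPs are all made up.
from __future__ import annotations

import ipaddress
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta

REGISTERED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed: the firm's known egress
WINDOW = timedelta(minutes=10)
MAX_TRANSFERS_PER_WINDOW = 50       # more than this in 10 minutes is abnormal for this firm
MAX_BENEFICIARIES_PER_WINDOW = 20   # payout fan-out: distinct destination accounts per window


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    amount_inr: int
    beneficiary: str
    src_ip: str


def is_registered(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in REGISTERED_NETS)


def after_hours(ts: datetime) -> bool:
    """Local time between 22:00 and 06:00."""
    return ts.hour >= 22 or ts.hour < 6


def first_alert(transfers: list[Transfer]) -> dict | None:
    """Slide a 10-minute window over the transfers (in time order) and return
    details of the first window that breaks a threshold, or None."""
    window: deque[Transfer] = deque()
    for tx in sorted(transfers, key=lambda t: t.ts):
        window.append(tx)
        while tx.ts - window[0].ts > WINDOW:
            window.popleft()
        beneficiaries = {t.beneficiary for t in window}
        if len(window) > MAX_TRANSFERS_PER_WINDOW or len(beneficiaries) > MAX_BENEFICIARIES_PER_WINDOW:
            unregistered = {t.src_ip for t in window if not is_registered(t.src_ip)}
            return {
                "triggered_at": tx.ts,
                "count": len(window),
                "distinct_beneficiaries": len(beneficiaries),
                "total_inr": sum(t.amount_inr for t in window),
                "unregistered_ips": unregistered,
                "after_hours": after_hours(tx.ts),
                # fan-out alone is medium; from an unknown IP or at night it is high
                "severity": "high" if unregistered or after_hours(tx.ts) else "medium",
            }
    return None


def constructed_heist() -> list[Transfer]:
    """1,782 transfers to 656 accounts over 150 minutes starting late at night,
    from two unregistered IPs (documentation ranges, not the real attacker IPs)."""
    start = datetime(2025, 10, 6, 23, 5)
    ips = ("198.51.100.7", "192.0.2.9")
    return [
        Transfer(start + timedelta(seconds=5 * i), 263_000, f"ACC{i % 656:04d}", ips[i % 2])
        for i in range(1782)
    ]


def constructed_normal_day() -> list[Transfer]:
    """40 daytime transfers from the registered range, one every 12 minutes."""
    start = datetime(2025, 10, 6, 9, 0)
    return [
        Transfer(start + timedelta(minutes=12 * i), 150_000, f"VENDOR{i:03d}", "203.0.113.10")
        for i in range(40)
    ]


if __name__ == "__main__":
    print("normal day:", first_alert(constructed_normal_day()))
    print("heist     :", first_alert(constructed_heist()))
```

On the constructed heist the fan-out threshold fires on the 21st transfer, 100 seconds in, with roughly ₹55 lakh out the door rather than ₹47 crore; the point of the rule is to put a human (or a hold) in the loop before the mule accounts have been drained. The thresholds here are illustrative and would be tuned to a firm's own baseline.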


 Firewall Daily

A critical vulnerability tracked as CVE-2025-55315 has been identified in QNAP’s NetBak PC Agent. The flaw itself lies in Microsoft’s ASP.NET Core framework, which the agent installs and depends on: an HTTP request smuggling (CWE-444) weakness that lets attackers bypass security controls in front of the application, potentially granting unauthorized access to sensitive backup data and system files.

According to QNAP’s security advisory (Security ID: QSA-25-44), published on October 24, 2025, systems running NetBak PC Agent are at risk because the software installs and relies on the vulnerable ASP.NET Core runtime components. QNAP rates the issue “Important” for its users; the underlying ASP.NET Core vulnerability carries a CVSS score of up to 9.9, in the critical range.

How CVE-2025-55315 Affects NetBak PC Agent

The vulnerability lies in how ASP.NET Core’s HTTP server parses incoming requests. By crafting specially formed requests, an authenticated attacker can exploit inconsistencies between how the server and other components in the request path interpret where one message ends and the next begins. Successful exploitation could lead to bypassing security protections, accessing confidential backup data, altering server files, or limited denial-of-service conditions.

Because NetBak PC Agent depends on ASP.NET Core during both installation and runtime, any unpatched version of the framework installed alongside the software leaves the system exposed. Backup servers running outdated ASP.NET Core components are particularly at risk, since both backup integrity and data availability are on the line.

QNAP notes that the vulnerability requires authentication, so an attacker needs valid credentials or existing access. Insider threats and compromised accounts inside corporate networks remain realistic vectors, however, and an attacker who already holds an account could use CVE-2025-55315 to get past the controls that sit in front of the application.

QNAP’s Recommendations and Patch Guidance

QNAP offers two ways to address the vulnerability in NetBak PC Agent.

Option 1: Reinstall NetBak PC Agent
1. Go to Settings → Apps → Installed apps and uninstall the current version of NetBak PC Agent.
2. Download and install the latest version from QNAP’s official website. Reinstalling the agent automatically installs the latest ASP.NET Core runtime components.

Option 2: Update ASP.NET Core manually
1. Visit Microsoft’s official .NET 8.0 download page.
2. Download and install the latest ASP.NET Core Runtime (Hosting Bundle), version 8.0.21 as of October 2025.
3. Restart the affected applications or the system so the update takes effect.

QNAP further advises administrators to test patches in a controlled environment before organization-wide deployment. Making sure every system running NetBak PC Agent is updated to the same version avoids inconsistent security configurations across the fleet.

Lessons from CVE-2025-55315

CVE-2025-55315 shows how a vulnerability in a foundational framework such as ASP.NET Core ripples outward to every application that bundles it; NetBak PC Agent’s reliance on these components ties the safety of backup infrastructure directly to Microsoft’s update cadence. Organizations relying on NetBak PC Agent should apply the fix promptly. Beyond that, keeping an inventory of which .NET runtimes each product ships, together with regular vulnerability scanning and automated patch management, helps catch the next such exposure before an advisory forces the issue.
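The “inconsistencies in how the web server interprets incoming messages” that the advisory alludes to are the essence of CWE-444. The following added example, written for this page and deliberately generic (it is not the Kestrel-specific trigger for CVE-2025-55315, and it is not QNAP or Microsoft code), uses two toy parsers to show the classic CL.TE desync: a front end that frames bodies by Content-Length sees one request, while a back end that honours Transfer-Encoding: chunked sees two, the second of which the front end never inspected. It also shows the hardened behaviour, refusing any request that carries both headers. The host name and paths in the sample stream are constructed.

```python
# Added CWE-444 illustration for this page: generic CL.TE desync, NOT the
# CVE-2025-55315 trigger and not QNAP or Microsoft code. Host and paths in
# the constructed stream are made up.
from __future__ import annotations

CRLF = b"\r\n"
Request = tuple[str, str, bytes]  # (method, target, body)


def _parse_head(block: bytes) -> tuple[str, str, dict[str, str]]:
    lines = block.split(CRLF)
    method, target, _version = lines[0].decode("ascii").split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.decode("ascii").partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def _read_chunked(buf: bytes, pos: int) -> tuple[bytes, int]:
    """Decode a chunked body starting at pos; return (body, position after it)."""
    body = b""
    while True:
        end = buf.index(CRLF, pos)
        size = int(buf[pos:end].split(b";")[0], 16)  # ignore chunk extensions
        pos = end + 2
        if size == 0:
            return body, pos + 2                     # skip the empty trailer's CRLF
        body += buf[pos:pos + size]
        pos += size + 2                              # chunk data plus its CRLF


def parse_stream(raw: bytes, framing: str, strict: bool = False) -> list[Request]:
    """Split one TCP stream into requests.

    framing="cl": body length always from Content-Length (the front end).
    framing="te": Transfer-Encoding: chunked wins when present (the back end).
    strict=True: refuse a request carrying both headers (RFC 9112 section 6.3
                 allows a server to reject such a request).
    """
    requests: list[Request] = []
    pos = 0
    while pos < len(raw):
        sep = raw.index(CRLF + CRLF, pos)
        method, target, headers = _parse_head(raw[pos:sep])
        pos = sep + 4
        has_te = "chunked" in headers.get("transfer-encoding", "").lower()
        if strict and has_te and "content-length" in headers:
            raise ValueError("ambiguous framing: both Transfer-Encoding and Content-Length")
        if framing == "te" and has_te:
            body, pos = _read_chunked(raw, pos)
        else:
            length = int(headers.get("content-length", "0"))
            body, pos = raw[pos:pos + length], pos + length
        requests.append((method, target, body))
    return requests


def hardened_accepts(raw: bytes) -> bool:
    """True if the strict parser would accept the stream at all."""
    try:
        parse_stream(raw, "te", strict=True)
        return True
    except ValueError:
        return False


# Constructed attack stream: the chunked body ends immediately ("0\r\n\r\n"),
# but Content-Length is sized to swallow a second, complete request as well.
SMUGGLED = b"GET /admin/export HTTP/1.1" + CRLF + b"Host: netbak.example" + CRLF + CRLF
HIDDEN_BODY = b"0" + CRLF + CRLF + SMUGGLED
ATTACK_STREAM = (
    b"POST /backup/upload HTTP/1.1" + CRLF
    + b"Host: netbak.example" + CRLF
    + b"Content-Length: " + str(len(HIDDEN_BODY)).encode() + CRLF
    + b"Transfer-Encoding: chunked" + CRLF + CRLF
    + HIDDEN_BODY
)
BENIGN_STREAM = (
    b"POST /backup/upload HTTP/1.1" + CRLF + b"Host: netbak.example" + CRLF
    + b"Content-Length: 5" + CRLF + CRLF + b"hello"
)


if __name__ == "__main__":
    print("front end sees:", [(m, t) for m, t, _ in parse_stream(ATTACK_STREAM, "cl")])
    print("back end sees: ", [(m, t) for m, t, _ in parse_stream(ATTACK_STREAM, "te")])
    print("strict parser accepts attack stream:", hardened_accepts(ATTACK_STREAM))
```

The front end authorised one POST to /backup/upload; the back end executed that POST and then a GET to /admin/export that no access check ever saw. That is the "bypass security controls" outcome the advisory describes, and why a framing fix in the HTTP server is a security fix even though nothing about the application code changed. The real bug in Kestrel involved a different parsing detail than the header pair used here; the example only shows the class.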


 Business

Experts from the Kaspersky Global Research and Analysis Team (GReAT) spoke at the Security Analyst Summit 2025 about the activities of the BlueNoroff APT group, which we believe to be a subgroup of Lazarus. In particular, they described in detail two campaigns targeting developers and executives in the crypto industry: GhostCall and GhostHire. The BlueNoroff actors are primarily interested in financial gain and currently prefer to attack employees of organizations working with blockchain. Targets are chosen carefully: the attackers clearly prepare thoroughly for each attack. The GhostCall and GhostHire campaigns are very different from each other, but they share a common management infrastructure, which is why our experts combined them into a single report.

The GhostCall campaign

The GhostCall campaign mainly targets executives of various organizations. The attackers attempt to infect their computers with malware designed to steal cryptocurrency, credentials, and secrets the victims may be working with. The main platform GhostCall operators are interested in is macOS, probably because Apple devices are particularly popular among the management of modern companies.

GhostCall attacks begin with fairly sophisticated social engineering: the attackers pretend to be investors (sometimes using stolen accounts of real entrepreneurs and even fragments of real video calls with them) and try to arrange a meeting to discuss a partnership or investment. The goal is to lure the victim to a website that mimics Microsoft Teams or Zoom. A standard trap awaits them there: the website displays a notification that the client needs to be updated or some technical problem fixed, and to do so the victim is asked to download and run a file, which infects the computer. Details of the various infection chains (there are at least seven in this campaign, four of which our experts had not encountered before), along with indicators of compromise, can be found in the blog post on the Securelist website.

The GhostHire campaign

GhostHire is a campaign targeting developers working with blockchain. The ultimate goal is the same, to infect computers with malware, but the approach is different. In this case, the attackers lure victims with job offers on favorable terms. During negotiations they give the developer the address of a Telegram bot, which provides the victim with a link to a test task on GitHub, or offers to download it as an archive. To deny the developer time to think it over, the task has a fairly tight deadline. While performing the test, the victim’s computer becomes infected with malware. The tools used by the attackers in the GhostHire campaign, and their indicators of compromise, can also be found in the post on the Securelist blog.

How to protect yourself from GhostCall and GhostHire attacks?

Although GhostCall and GhostHire target specific developers and company executives, the attackers are primarily interested in the working infrastructure behind them. Protecting against these attacks therefore falls on corporate IT security teams. We recommend:

Periodically raising awareness among all company employees about the tricks used by modern attackers. Training should take into account the nature of the work of specific groups, including developers and managers; it can be organized using a specialized online platform such as Kaspersky Automated Security Awareness Platform.

Using modern security solutions on all corporate devices that employees use to communicate with the outside world.

 Government

The agency’s decision to approve a proposal released on October 7 means the FCC will broaden the definition of “caller identity information,” implement new requirements for service providers and mandate that providers alert consumers when calls are coming from overseas.

 Feed

A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity "reveals a notable evolution in SideWinder's TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in

 Feed

The New Reality for Lean Security Teams If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, and constant

 Feed

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky. The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under

 Feed

In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn every day. Companies that treat cybersecurity as a

 Feed

A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer's main processor, including Intel's Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD's Secure Encrypted Virtualization with Secure

 Feed

Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. "Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection," ThreatFabric said in a report shared with

 Feed

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,

 AI

In episode 74 of The AI Fix, we meet Amazon's AI-powered delivery glasses, an AI TV presenter who doesn't exist, and an Ohio lawmaker who wants to stop people from marrying their chatbot. Also, we learn how Geoffrey Hinton and Steve Wozniak have teamed up with the unlikely coupling of will.i.am and Steve Bannon to pull the brakes on "super-intelligence." Meanwhile, Graham wonders if you should really trust an AI browser with your passwords, or your credit card, or, frankly, anything at all, and Mark reveals what AGI really means - and how close we are to reaching it. It’s an episode packed with deepfaked sidebars, brain-rotted AIs, and humans who still can’t take selfies properly. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

Aggregator history: Tuesday, October 28, 2025