Cyber security aggregate RSS news

Cyber security aggregator - feeds history


 Cyber News

Software supply chain attacks hit levels in October that were more than 30% higher than any previous month. Threat actors on dark web data leak sites claimed 41 supply chain attacks in October, 10 more than the previous high seen in April 2025, Cyble reported today in a blog post. Supply chain attacks have more than doubled since April, averaging more than 28 a month compared to the 13 attacks per month seen between early 2024 and March 2025, Cyble said (chart below).

[Chart: Supply chain attacks by month 2024-2025 (Cyble)]

Reasons Behind the Record Supply Chain Attacks

The threat intelligence company cited several reasons for the increase in attacks. The primary drivers of the surge in supply chain attacks have been a “combination of critical and zero-day IT vulnerabilities and threat actors actively targeting SaaS and IT service providers,” the blog post said, noting that “the sustained increase suggests that the risk of supply chain attacks may remain elevated going forward.” Cloud security threats and AI-based phishing campaigns are other causes cited by Cyble, although voice phishing (vishing) also played a large role in the recent Scattered LAPSUS$ Hunters Salesforce breaches.

IT Companies Hit Hardest as Ransomware Groups Lead Attacks

All 24 industry sectors tracked by Cyble have been hit by a supply chain attack this year, but IT and IT services companies have been by far the biggest target because of “the rich target they represent and their downstream customer reach.” The 107 supply chain attacks targeting IT companies so far this year have been more than triple those of the next nearest sectors, which include financial services, transportation, technology and government (chart below).

[Chart: Supply chain attacks by sector 2025 (Cyble)]

Ransomware groups have been some of the biggest contributors to the increase in supply chain attacks. Qilin and Akira have been the top two ransomware groups so far this year, and the two have also claimed “an above-average share of supply chain attacks,” Cyble said.

Akira’s recent victims have included an unnamed “major open-source software project,” the threat researchers said, and the 23GB of data stolen by the group includes “internal confidential files, and reports related to software issues and internal operations,” among other information. Akira and Qilin have also claimed a number of attacks on IT companies, including some serving sensitive sectors such as government, intelligence, defense, law enforcement agencies, healthcare, industrial and energy companies, and payment processing and financial infrastructure solutions. In one incident, Qilin claimed to have stolen source code for proprietary software products used by law enforcement, criminal justice, public safety, and security organizations. In another case, Qilin claimed to have breached customers of a U.S.-based cybersecurity and cloud services provider for healthcare and dental organizations through “clear-text credentials stored in Word and Excel documents hosted on the company’s systems.” Kyber, a new ransomware group, leaked more than 141GB of project files, internal builds, databases, and backup archives allegedly stolen from “a major U.S.-based defense and aerospace contractor that provides communication, surveillance, and electronic warfare systems.” The Cl0p ransomware group’s exploitation of Oracle E-Business Suite vulnerabilities and a Red Hat GitLab breach were among the other major incidents in October.

Protecting Against Supply Chain Risks

The Cyble researchers said that guarding against supply chain attacks “can be challenging because these partners and suppliers are, by nature, trusted, but security audits and assessing third-party risk should become standard cybersecurity practices.” The researchers outlined several steps security teams can take to better protect their organizations.

“The most effective place to control software supply chain risks is in the continuous integration and development (CI/CD) process, so carefully vetting partners and suppliers and requiring good security controls in contracts are essential for improving third-party security,” the threat researchers added.


 Firewall Daily

China has announced amendments to its Cybersecurity Law (CSL), marking the first major overhaul of the framework since its enactment in 2017. The revisions, approved by the Standing Committee of the National People’s Congress in October 2025, are aimed at enhancing artificial intelligence (AI) safety, strengthening enforcement mechanisms, and clarifying incident reporting obligations for onshore infrastructure. The updated cybersecurity law will officially take effect on January 1, 2026.

CSL Updates Strengthen AI Governance and National Security

One of the most notable updates to the CSL is the inclusion of a new article emphasizing state support for AI development and safety. This addition is the first explicit mention of artificial intelligence within China’s cybersecurity framework. At the same time, the amendment stresses the importance of establishing ethical standards and safety oversight mechanisms for AI technologies. The new provisions encourage the use of AI and other technologies to improve cybersecurity management, signaling a growing recognition of AI’s dual role as both an enabler of progress and a potential source of risk. While the revised cybersecurity law articulates strategic priorities, detailed implementation guidelines are expected to follow in future regulations or technical standards, Global Policy Watch reported.

Expanding Enforcement and Liability

The 2025 amendments introduce stricter enforcement measures and higher penalties for violations under the CSL. Companies and individuals found in serious breach of the law could face increased fines, up to RMB 10 million for organizations and RMB 1 million for individuals. The revisions also broaden liability to include additional categories of violations, reflecting China’s ongoing efforts to strengthen accountability across its digital ecosystem.

Moreover, the updated cybersecurity law expands its extraterritorial reach. Previously, the CSL’s jurisdiction over cross-border cyber incidents was limited to foreign actions harming China’s critical information infrastructure (CII). The new amendments extend coverage to any foreign conduct that endangers the country’s network security, regardless of whether it targets CII. In severe cases, authorities may impose sanctions such as asset freezes or other punitive measures.

Clarifying Data Protection Obligations

The amendments also resolve a long-standing ambiguity surrounding personal data processing. Under the revised CSL, network operators are now explicitly required to comply not only with the cybersecurity law itself but also with the Civil Code and the Personal Information Protection Law (PIPL). This clarification reinforces the interconnected nature of China’s data governance regime and provides clearer guidance for companies handling personal information.

Complementing the CSL amendments, the Cyberspace Administration of China (CAC) issued the Administrative Measures for National Cybersecurity Incident Reporting, which will come into force on November 1, 2025. These new reporting measures consolidate previously scattered requirements into a unified framework, creating clearer operational expectations for organizations managing onshore infrastructure. The Measures apply to all network operators that build or operate networks within China or provide services through Chinese networks. Notably, the rules appear to exclude offshore incidents, even when they affect Chinese users, suggesting that the primary focus remains on domestic cybersecurity resilience.

Defined Thresholds and Reporting Procedures

Under the new system, cybersecurity incidents are classified into four levels of severity. Operators must report “relatively major” incidents, such as data breaches involving more than one million individuals or economic losses exceeding RMB 5 million (approximately USD 700,000), within four hours of discovery. A preliminary report must be followed by a full assessment within 72 hours and a post-incident review within 30 days of resolution. The CAC has introduced multiple reporting channels, including a dedicated hotline, website, email, and WeChat platform, to simplify compliance.

Failure to report, delayed notifications, or false reporting can result in penalties. Conversely, prompt and transparent reporting may mitigate or eliminate liability under the revised cybersecurity law.


 Firewall Daily

Federal prosecutors in the United States have charged three individuals for allegedly carrying out a series of ransomware attacks targeting five U.S. companies using BlackCat ransomware, also known as ALPHV, between May and November 2023. The attacks reportedly aimed to extort large sums from the victims, including medical, engineering, pharmaceutical, and technology organizations.

Insiders Accused of Orchestrating Ransomware Attacks

Kevin Tyler Martin and another accomplice, referred to in court documents as “Co-Conspirator 1,” were employed at the time as ransomware negotiators for DigitalMint, a Chicago-based company that specializes in mitigating cyberattacks. Ryan Clifford Goldberg, an incident response manager at Sygnia Cybersecurity Services, was also indicted in the scheme. The Chicago Sun-Times first reported the charges, highlighting the unusual circumstances in which employees of a firm tasked with resolving ransomware attacks allegedly engaged in their own cybercrimes. “Employees of DigitalMint, a company that specializes in negotiating ransoms in cyberattacks, were part of a small crew, the feds say, conducted five hacks that scored more than $1 million,” the outlet reported.

Timeline and Targets of BlackCat Ransomware Attacks

Prosecutors claim the group began deploying BlackCat ransomware in May 2023. The first target was a medical company in Florida, whose servers were locked with a ransom demand of $10 million. Court records indicate that the attack ultimately netted $1.2 million, which was routed through cryptocurrency mixers to conceal the transaction. Subsequent targets included a Maryland-based pharmaceutical company, a California doctor’s office with a $5 million demand, an engineering company in California with a $1 million demand, and a Virginia drone manufacturer with a $300,000 demand.

According to FBI documents, Goldberg initially denied involvement when interviewed in June 2025 but later admitted that the unnamed co-conspirator had recruited him. He stated his motivation stemmed from personal debt and fears of federal prison, and he described how the illicit funds were transferred through multiple cryptocurrency wallets to hide the digital trail.

Both DigitalMint and Sygnia have publicly stated they were not targets of the investigation and have cooperated fully with law enforcement. DigitalMint confirmed it terminated the employees involved, emphasizing that the alleged attacks occurred outside its systems and did not compromise client data. Sygnia noted that Goldberg was no longer employed by the firm.

Legal Proceedings and Potential Consequences

Martin and Goldberg were indicted on October 2, 2025, on multiple charges, including conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce, and intentional damage to protected computers. Goldberg has been taken into custody, while Martin was released on a $400,000 bond. Both face a potential maximum sentence of 50 years in federal prison.

The timeline of attacks, according to court documents, includes:

May 13, 2023: Attack on the Florida medical device company; $1.274 million paid in cryptocurrency.
May 2023: Attack on an unspecified firm; ransom demand unknown.
July 2023: Attack on the California doctor’s office; $5 million ransom demand.
October 2023: Attack on the California engineering company; $1 million ransom demand.
November 2023: Attack on the Virginia drone manufacturer; $300,000 ransom demand.

While Martin has pleaded not guilty, Goldberg allegedly admitted to participating in the attacks in coordination with the co-conspirator to “ransom some companies.” The third individual involved has not been indicted.

The FBI warns that malicious software like BlackCat ransomware can encrypt files on local drives, networked computers, and attached devices, with victims often coerced into paying ransoms to regain access to critical systems.


 Firewall Daily

Apple has released a new round of security updates for its mobile platforms, introducing iOS 26.1 and iPadOS 26.1. The latest Apple security updates are available for a wide range of devices. iPhone models beginning with the iPhone 11 and later are supported. On the tablet side, the updates cover the iPad Pro (3rd generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later). Essentially, anyone using a relatively recent Apple device is eligible to install this patch.

Modern smartphones and tablets have become central to users’ daily lives, storing passwords, personal communications, photos, and financial data. Any flaw in system security represents a potential gateway for malicious activity. These Apple security updates address multiple vulnerabilities that could otherwise allow unauthorized access to sensitive information or even cause system crashes.

Apple reiterated its long-standing policy of confidentiality during investigations, stating that the company does not disclose or confirm security vulnerabilities until a full review has been completed and necessary fixes have been released.

Key Vulnerabilities Fixed in the Latest Apple Security Updates

Apple’s documentation outlines dozens of component-level fixes. The following highlights the most notable ones:

Neural Engine flaws (CVE-2025-43447 & CVE-2025-43462): A malicious app could exploit the Neural Engine to crash system components or corrupt kernel memory. This was fixed through improved memory handling within the Neural Engine framework.
Apple Account screenshot capture (CVE-2025-43455): Some apps could take screenshots of private data displayed in embedded views. Apple added stricter privacy checks to block this.
AppleMobileFileIntegrity & Assets: These components control how apps access files and enforce sandbox restrictions. Weaknesses here could allow an app to escape its sandbox or access protected data. Apple strengthened symlink validation and entitlement handling to close these gaps.
Audio and Camera systems: Both subsystems received new logic restrictions to reduce unwanted access.
Safari browser: The update fixes issues that could have allowed address bar spoofing or UI deception. Improved state management now prevents these attacks.

Component-Specific Fixes

Apple’s patch notes provide a detailed account of the components affected:

Accessibility (CVE-2025-43442): A permissions issue could allow an app to identify installed apps. The update adds stricter access restrictions.
Apple TV Remote (CVE-2025-43449): A malicious app might track users across installations. Apple improved cache handling to prevent tracking.
AppleMobileFileIntegrity (CVE-2025-43379): Prevents unauthorized access to protected data by improving symlink validation.
Assets (CVE-2025-43407): Prevents sandbox escapes with enhanced entitlement rules.
Audio (CVE-2025-43423): Fixed a flaw that could expose system logs when devices were paired to a Mac. Sensitive data is now redacted.
Camera (CVE-2025-43450): Prevents apps from learning about the camera view before permission is granted.
CloudKit (CVE-2025-43448): Reinforces sandbox protection to stop potential data leaks.
Contacts (CVE-2025-43426): Prevents unauthorized access to user data through better data redaction.
Control Centre (CVE-2025-43350): Closes a loophole that could reveal restricted lock-screen content.
CoreServices (CVE-2025-43436): Stops apps from enumerating installed apps.
CoreText (CVE-2025-43445): Fixes a memory corruption bug triggered by malicious media files.
FileProvider (CVE-2025-43498): Strengthens authorization handling to block unauthorized data access.
Find My (CVE-2025-43507): Addresses a potential user-fingerprinting issue.
Installer (CVE-2025-43444): Prevents app fingerprinting by tightening permissions.
Kernel (CVE-2025-43398): Addresses system termination risks by improving memory handling.
libxpc (CVE-2025-43413): Prevents network activity observation from sandboxed apps.
Mail Drafts (CVE-2025-43496): Stops remote content from loading when the “Load Remote Images” setting is disabled.
Model I/O (CVE-2025-43383–43386): Prevents app crashes or corruption from malicious files.
Multi-Touch (CVE-2025-43424): Adds stronger bounds-checking against malicious hardware input.
Notes (CVE-2025-43389): Removes vulnerable code to stop unauthorized data access.
On-Device Intelligence (CVE-2025-43439): Eliminates data that could be used for user fingerprinting.
Photos (CVE-2025-43391): Improves handling of temporary files to prevent data leaks.
Sandbox Profiles (CVE-2025-43500): Fixes flaws in preference handling to better secure user data.
Siri (CVE-2025-43454): Resolves an issue that prevented devices from locking consistently.
Status Bar: Fixes a condition where sensitive information could be seen on locked devices.

Research Credits and Acknowledgments

Apple credited numerous independent researchers and teams for identifying these issues. Notable acknowledgments include Isaiah Wan (CVE-2025-43460, Stolen Device Protection), Will Caine (CVE-2025-43422, Text Input), and multiple contributors. The company also thanked contributors working on WebKit, Accessibility, Safari, and Photos vulnerabilities.

Owners of eligible iPhones or iPads are advised to install iOS 26.1 or iPadOS 26.1 immediately. These vulnerabilities are not hypothetical; many involve exploitable memory-handling issues, sandbox escapes, and unauthorized data access. Installing the update drastically reduces potential exposure.

Updating is straightforward: open Settings > General > Software Update, and follow the on-screen instructions. It is recommended that the device remain plugged in and connected to Wi-Fi during installation.

 Feed

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

 Feed

Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows - CVE-2025-43429 - A buffer overflow

 Feed

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

 Feed

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News. Following responsible disclosure in March

 Feed

Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide. A ransomware attack typically begins when the malware infiltrates a system through various vectors such as

 Feed

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for

 Feed

The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators'

 Feed

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in

 Feed

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's

Aggregator history: Tuesday, November 04, 2025