Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Marks And Spencer Re ...

 Cyber News

Marks And Spencer Group Plc (M&S) has reported a dramatic decline in its first-half profit, largely from the financial impact arising from a recent cyberattack. The company, disclosed their half-year results on Wednesday, revealing how the one-off costs from the cyber incident sharply affected their earnings   show more ...

performance.  According to the retail group, profit before tax plunged 99.1 percent to £3.4 million for the 26 weeks ending in the first half of the financial year, compared to £391.9 million during the same period last year. Attributable profit after tax also dropped 97.8 percent to £6.2 million, down from £282.1 million a year ago. Basic earnings per share followed a similar trend, falling 97.9 percent to 0.3 pence from 14.0 pence.  M&S stated that the severe profit decline was driven by adjusting items amounting to £167.8 million, of which £101.6 million was directly linked to the cyberattack that took place during the first few weeks of the financial year. In comparison, the company recorded just £15.9 million in adjusting items last year. These one-time charges dented the retailer’s bottom line.  Marks And Spencer's Sales Growth Resilient Despite Operational Disruptions  Despite the disruption, M&S maintained its resilience in sales performance. Group revenue surged 22.5 percent to £7.942 billion from £6.481 billion a year earlier. Group sales also climbed 22.1 percent to £7.965 billion, reflecting strong consumer demand across several categories.  In terms of business segments, Food sales saw a notable rise of 7.8 percent year-on-year, reaching £4.532 billion. However, the Fashion, Home & Beauty segment recorded a 16.4 percent decline, with sales falling to £1.70 billion. M&S attributed this decrease to a temporary suspension of online operations following the cyberattack, which occurred between late April and early June. The company noted that online services gradually recovered over the summer months.  International sales were also down, falling 11.6 percent to £255.8 million. Meanwhile, adjusted profit before tax came in at £184.1 million, down from £413.1 million last year. Adjusted basic earnings per share dropped to 6.6 pence from 14.7 pence. The retailer explained that profits in both its Food and Fashion, Home & Beauty divisions were affected by the trading disruption caused by the cyberattack, though this was partially offset by insurance income.  Outlook Remains Cautiously Optimistic  Marks And Spencer expects second-half profits to remain at least in line with last year’s performance. The company noted that the residual impact of the cyber incident is gradually easing and should continue to diminish in the coming months. Nonetheless, M&S acknowledged that the consumer environment remains “as uncertain as ever” heading into the second half of the financial year.  In a sign of confidence, M&S declared an interim dividend of 1.2 pence per share—an increase of 20 percent from last year’s 1 pence. The dividend will be payable on January 9, 2026, to shareholders on record as of November 28, 2025.  Despite the temporary setback from the cyberattack, Marks And Spencer remains optimistic about recovery. The company expressed confidence that it will be “back on track” by the end of the financial year, with operational stability expected to return as it moves past the aftermath of the incident. 

image for Google Issues Emerge ...

 Firewall Daily

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms,   show more ...

Windows, macOS, and Linux, as well as Android devices through Google Play and Chrome’s built-in update mechanism.  The latest update fixes five distinct security flaws, three of which have been rated as high severity due to their potential for memory corruption and remote code execution. Among these, the most critical issue is CVE-2025-12725, a flaw found in WebGPU, Chrome’s graphics processing interface.   This vulnerability, caused by an out-of-bounds write error, could allow malicious code to overwrite crucial system memory and execute arbitrary commands. An anonymous security researcher first discovered CVE-2025-12725 on September 9, 2025. Google has restricted technical details of the exploit to prevent attackers from leveraging it before most users have applied the update.  Other High-Severity Issues: CVE-2025-12726 and CVE-2025-12727 Two other high-severity vulnerabilities were also patched. CVE-2025-12726, reported by researcher Alesandro Ortiz on September 25, involves an inappropriate implementation in Chrome’s Views component, the part responsible for handling the browser’s user interface. Meanwhile, CVE-2025-12727, identified by researcher 303f06e3 on October 23, affects Chrome’s V8 JavaScript engine, the core of Chrome’s performance and execution environment.  Both CVE-2025-12726 and CVE-2025-12727 could allow attackers to manipulate memory and potentially execute malicious code remotely. According to Google’s internal assessments, these vulnerabilities received CVSS 3.1 scores of 8.8, indicating direct risk.  Medium-Severity Omnibox Issues Alongside these critical patches, Google addressed two medium-severity vulnerabilities in Chrome’s Omnibox, the combined search and address bar. CVE-2025-12728, reported by Hafiizh, and CVE-2025-12729, discovered by Khalil Zhani, both stem from inappropriate implementations that could lead to data exposure or UI manipulation. While not as severe as the WebGPU or V8 flaws, these issues still warrant prompt user updates to prevent potential misuse.  According to Google’s official release notes:  Desktop (Windows, macOS, Linux): Version 142.0.7444.134/.135  Android: Version 142.0.7444.138  Google emphasized that the Android release contains the same security fixes as its desktop counterparts. The rollout will continue over the next few days and weeks as part of the company’s staged deployment process.  Official Statement and Update Details In the official blog post, Chrome team member Krishna Govind confirmed the emergency patch for Android and desktop. The post highlighted ongoing efforts to enhance stability and performance, while ensuring that users receive timely security updates.  “We’ve just released Chrome 142 (142.0.7444.138) for Android,” the statement read. “It’ll become available on Google Play over the next few days. If you find a new issue, please let us know by filing a bug.”  The blog also reiterated that Chrome’s Stable Channel Update for Windows, macOS, and Linux began rolling out simultaneously on November 5, 2025.  Google credited the security researchers who responsibly disclosed these vulnerabilities before they could be exploited. The company stated that detailed technical information will remain withheld until “a majority of users have updated,” reducing the risk of targeted attacks exploiting CVE-2025-12725, CVE-2025-12726, or CVE-2025-12727.  User Recommendations It is recommended that all users update Chrome immediately. Desktop users should go to Settings → About Chrome to check for version 142.0.7444.134 or later, while Android users can verify updates via the Google Play Store. Enabling automatic updates is strongly advised to ensure future patches are applied as soon as they are released.  Even though the two Omnibox vulnerabilities (CVE-2025-12728 and CVE-2025-12729) are less critical, delaying updates can still expose users to phishing or injection risks through manipulated browser interfaces. 

image for How enterprise effic ...

 Business

The implementation of Software-Defined Wide Area Networks (SD-WANs) boosts enterprise operational efficiency, saves money, and enhances security. These impacts are so significant that they’re sometimes visible on a national scale. According to The Transformative Impact of SD-WAN on Society and Global Development   show more ...

article from the International Journal for Multidisciplinary Research, the technology’s implementation can result in a 1.38% increase in GDP for developing countries. At the company level, the effects are even more pronounced. For example, in modern, deeply digitized industrial manufacturing, it can reduce unplanned downtime by 25%. Furthermore, SD-WAN implementation projects not only offer a fast return on investment, but also continue to deliver additional benefits and increased efficiency as the solution receives updates, and new versions are released. To demonstrate this, we present the new Kaspersky SD-WAN 2.5 and its most compelling features. Optimized traffic rerouting algorithms This is a classic SD-WAN feature, and one of the technology’s primary competitive advantages. Traffic routing depends on the nature and location of the business application, but it also considers current priorities and network conditions: in some cases, reliability is paramount; in others, speed or low latency is key. The new version of Kaspersky SD-WAN improves the algorithm, and factors in detailed data about traffic loss on every possible path. This ensures the stable operation of critical services across geographically distributed networks — for example, by reducing issues with large-scale, nationwide video conferences. Crucially, this increase in reliability is accompanied by a reduced workload on network engineers and support staff, as the route adaptation process is fully automated. Conditional DNS forwarding This feature optimizes the speed of domain name resolution, and helps maintain security policies for different types of applications. For example, requests related to MS Office cloud infrastructure will be forwarded directly from the local office to Microsoft’s CDN, while internal network server names will be resolved through the corporate DNS server. This approach significantly improves the speed of establishing connections, and eliminates the need for manual configuration of routers in every office. Instead, a single, unified policy is sufficient for the entire network. Scheduled CPE configuration changes Any large-scale network reconfiguration increases the risk of interruptions and outages — even if brief. To ensure such an event doesn’t disrupt critical business processes, any policy change within Kaspersky SD-WAN can be scheduled for a specific time. Want to change the router settings in a hundred offices simultaneously? Schedule the change for 02:00 local time or Saturday morning. This eliminates the need for regional IT staff to be physically present during the deployment. Simplified BGP and OSPF debugging Analysis of BGP routing can now be done entirely through the orchestrator’s graphical interface. Did a routing loop suddenly appear somewhere between the Milan and Paris offices? Instead of logging into the equipment in each office and all intermediary nodes via SSH, you can now identify and resolve the issue through a single interface — significantly reducing downtime. Easy CPE replacement If the network equipment in an office needs to be replaced, you can now preserve all existing settings when swapping it out. The technician in the office simply plugs in the new CPE unit, and the Kaspersky SD-WAN orchestrator automatically restores all policies and tunnels on it. This offers several immediate benefits: it significantly reduces downtime; the replacement can be performed by a technician without deep expert knowledge of network protocols; and it substantially reduces the probability of additional failures caused by manual configuration errors. LTE diagnostics While often the fastest and most cost-effective corporate communication channel to deploy, LTE comes with a drawback: instability. Both cellular coverage and operational speed can fluctuate frequently, requiring network engineers to take action — such as relocating the CPE to an area with better reception. Now, you can make these decisions with diagnostic data collected directly within the orchestrator. It displays the service parameters of connected LTE devices, including the signal strength level. Handling power failures For companies with the most stringent requirements for fault tolerance and recovery time, specialized CPE variants equipped with a small built-in power source are available by special order. In the event of a power failure, the CPE will be able to send detailed data about the failure type to the orchestrator. This gives administrators time to investigate the cause so they can resolve the issue much faster.   These are just some of the innovations in Kaspersky SD-WAN. Others include the ability to configure security policies for connections to the CPE console port, and support for large-scale networks with 2000+ CPEs and load balancing across multiple orchestrators. To learn more about how all these new features increase the value of SD-WAN for your organization, our experts are available to provide a personalized demo. The solution is available in select regions.

image for Cloudflare Scrubs Ai ...

 A Little Sunshine

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at   show more ...

Cloudflare says Aisuru’s overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company’s domain name system (DNS) service. The #1 and #3 positions in this chart are Aisuru botnet controllers with their full domain names redacted. Source: radar.cloudflare.com. Aisuru is a rapidly growing botnet comprising hundreds of thousands of hacked Internet of Things (IoT) devices, such as poorly secured Internet routers and security cameras. The botnet has increased in size and firepower significantly since its debut in 2024, demonstrating the ability to launch record distributed denial-of-service (DDoS) attacks nearing 30 terabits of data per second. Until recently, Aisuru’s malicious code instructed all infected systems to use DNS servers from Google — specifically, the servers at 8.8.8.8. But in early October, Aisuru switched to invoking Cloudflare’s main DNS server — 1.1.1.1 — and over the past week domains used by Aisuru to control infected systems started populating Cloudflare’s top domain rankings. As screenshots of Aisuru domains claiming two of the Top 10 positions ping-ponged across social media, many feared this was yet another sign that an already untamable botnet was running completely amok. One Aisuru botnet domain that sat prominently for days at #1 on the list was someone’s street address in Massachusetts followed by “.com”. Other Aisuru domains mimicked those belonging to major cloud providers. Cloudflare tried to address these security, brand confusion and privacy concerns by partially redacting the malicious domains, and adding a warning at the top of its rankings: “Note that the top 100 domains and trending domains lists include domains with organic activity as well as domains with emerging malicious behavior.” Cloudflare CEO Matthew Prince told KrebsOnSecurity the company’s domain ranking system is fairly simplistic, and that it merely measures the volume of DNS queries to 1.1.1.1. “The attacker is just generating a ton of requests, maybe to influence the ranking but also to attack our DNS service,” Prince said, adding that Cloudflare has heard reports of other large public DNS services seeing similar uptick in attacks. “We’re fixing the ranking to make it smarter. And, in the meantime, redacting any sites we classify as malware.” Renee Burton, vice president of threat intel at the DNS security firm Infoblox, said many people erroneously assumed that the skewed Cloudflare domain rankings meant there were more bot-infected devices than there were regular devices querying sites like Google and Apple and Microsoft. “Cloudflare’s documentation is clear — they know that when it comes to ranking domains you have to make choices on how to normalize things,” Burton wrote on LinkedIn. “There are many aspects that are simply out of your control. Why is it hard? Because reasons. TTL values, caching, prefetching, architecture, load balancing. Things that have shared control between the domain owner and everything in between.” Alex Greenland is CEO of the anti-phishing and security firm Epi. Greenland said he understands the technical reason why Aisuru botnet domains are showing up in Cloudflare’s rankings (those rankings are based on DNS query volume, not actual web visits). But he said they’re still not meant to be there. “It’s a failure on Cloudflare’s part, and reveals a compromise of the trust and integrity of their rankings,” he said. Greenland said Cloudflare planned for its Domain Rankings to list the most popular domains as used by human users, and it was never meant to be a raw calculation of query frequency or traffic volume going through their 1.1.1.1 DNS resolver. “They spelled out how their popularity algorithm is designed to reflect real human use and exclude automated traffic (they said they’re good at this),” Greenland wrote on LinkedIn. “So something has evidently gone wrong internally. We should have two rankings: one representing trust and real human use, and another derived from raw DNS volume.” Why might it be a good idea to wholly separate malicious domains from the list? Greenland notes that Cloudflare Domain Rankings see widespread use for trust and safety determination, by browsers, DNS resolvers, safe browsing APIs and things like TRANCO. “TRANCO is a respected open source list of the top million domains, and Cloudflare Radar is one of their five data providers,” he continued. “So there can be serious knock-on effects when a malicious domain features in Cloudflare’s top 10/100/1000/million. To many people and systems, the top 10 and 100 are naively considered safe and trusted, even though algorithmically-defined top-N lists will always be somewhat crude.” Over this past week, Cloudflare started redacting portions of the malicious Aisuru domains from its Top Domains list, leaving only their domain suffix visible. Sometime in the past 24 hours, Cloudflare appears to have begun hiding the malicious Aisuru domains entirely from the web version of that list. However, downloading a spreadsheet of the current Top 200 domains from Cloudflare Radar shows an Aisuru domain still at the very top. According to Cloudflare’s website, the majority of DNS queries to the top Aisuru domains — nearly 52 percent — originated from the United States. This tracks with my reporting from early October, which found Aisuru was drawing most of its firepower from IoT devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon. Experts tracking Aisuru say the botnet relies on well more than a hundred control servers, and that for the moment at least most of those domains are registered in the .su top-level domain (TLD). Dot-su is the TLD assigned to the former Soviet Union (.su’s Wikipedia page says the TLD was created just 15 months before the fall of the Berlin wall). A Cloudflare blog post from October 27 found that .su had the highest “DNS magnitude” of any TLD, referring to a metric estimating the popularity of a TLD based on the number of unique networks querying Cloudflare’s 1.1.1.1 resolver. The report concluded that the top .su hostnames were associated with a popular online world-building game, and that more than half of the queries for that TLD came from the United States, Brazil and Germany [it’s worth noting that servers for the world-building game Minecraft were some of Aisuru’s most frequent targets]. A simple and crude way to detect Aisuru bot activity on a network may be to set an alert on any systems attempting to contact domains ending in .su. This TLD is frequently abused for cybercrime and by cybercrime forums and services, and blocking access to it entirely is unlikely to raise any legitimate complaints.

 Feed

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine. "This hidden environment, with its lightweight

 Feed

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor - was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a

 Feed

Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in

 Feed

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political

 Feed

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative

 Feed

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned. "InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link

 Feed

Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. "This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service

 Law & order

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go wrong? All this and more is discussed in episode 442 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Dave Bittner.

2025-11
Aggregator history
Thursday, November 06
SAT
SUN
MON
TUE
WED
THU
FRI
NovemberDecemberJanuary