Author: Declan Murphy
Torrance, United States, October 14th, 2025, CyberNewsWirePrison IP at Sales space J30 | Sands Expo Singapore | October 21 – 23, 2025Prison IP, a world cybersecurity firm, introduced its participation in GovWare 2025, Asia’s largest cybersecurity convention, which will likely be held on the Sands Expo in Singapore from October 21 to 23.On the occasion, Prison IP will showcase its flagship platform, introducing its revolutionary safety methods in Assault Floor Administration (ASM) and Cyber Menace Intelligence (CTI) to the worldwide market.Strengthening International Presence by AI-Powered ASM and CTIPrison IP is a safety platform that mixes AI-based detection know-how with OSINT-based…
Huntress’ new discovery, nonetheless, factors to a separate, credential-driven marketing campaign. Beginning round October 4, Huntress noticed mass logins into SonicWall SSLVPN units from attacker-controlled IPs – one notably traced to 202.155.8[.]73. Many login periods had been temporary, however others concerned deeper community reconnaissance and makes an attempt to entry inner Home windows accounts, suggesting lateral motion makes an attempt. “We now have no proof to hyperlink this (SonicWall’s) advisory to the current spike in compromises that we’ve got seen,” Huntress famous, including that “none could exist permitting us to discern that exercise from our vantage level.” Even when menace…
On October 3, 2025, Hackread.com revealed an in-depth report wherein hackers claimed to have stolen 989 million data from 39 main firms worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected corporations enter negotiations earlier than October 10, 2025, warning that if their calls for had been ignored, they’d launch the whole dataset. The hackers, figuring out themselves as “Scattered Lapsus$ Hunters,” a collective stated to mix components of Scattered Spider, Lapsus$, and ShinyHunters, have now revealed information allegedly belonging to six of the 39 focused firms. The businesses named within the leak are as…
Oct 13, 2025Ravie LakshmananCybersecurity / Hacking Information Each week, the cyber world reminds us that silence does not imply security. Assaults typically start quietly — one unpatched flaw, one neglected credential, one backup left unencrypted. By the point alarms sound, the injury is completed. This week’s version seems at how attackers are altering the sport — linking completely different flaws, working collectively throughout borders, and even turning trusted instruments into weapons. From main software program bugs to AI abuse and new phishing methods, every story reveals how briskly the menace panorama is shifting and why safety wants to maneuver simply…
The web cybercrime market, Russian Market, has developed from promoting Distant Desktop Protocol (RDP) entry to turning into some of the lively underground hubs for information-stealing malware logs.Stolen consumer credentials are traded each day, and every compromised login represents a possible gateway into company programs.Menace actors routinely buy credentials to launch credential-based assaults that put companies, governments, and people susceptible to account compromise and follow-on cyberattacks.A number of high-profile breaches have been traced again to credentials purchased on marketplaces like Russian Market, demonstrated how a single uncovered password can result in vital knowledge loss, monetary injury, and reputational hurt.At its…
Anfang Juli wurden Millionen Kundendaten bei Qantas gestohlen. Berichten zufolge haben die Täter die Daten nun veröffentlicht.T. Schneider – shutterstock.com Rund drei Monate nach einem Cyberangriff haben Hacker laut Medienberichten Daten von bis zu 5,7 Millionen Kunden der australischen Fluggesellschaft Qantas on-line veröffentlicht. Die Airline teilte mit, Qantas sei eines von mehreren Unternehmen weltweit, deren Daten nach dem Angriff von Anfang Juli verbreitet worden seien. Die Kundeninformationen seien damals über die Plattform eines Drittanbieters gestohlen worden. Die Fluggesellschaft hatte den Hackerangriff seinerzeit öffentlich gemacht und nach eigenen Angaben die betroffenen Kundinnen und Kunden über die Artwork der gestohlenen Personendaten informiert.…
Menlo Park, USA, October tenth, 2025, CyberNewsWire AccuKnox, a pacesetter in Zero Belief Cloud Native Software Safety Platforms (CNAPP), is proud to announce that Nanoprecise has chosen AccuKnox to reinforce its cloud safety, governance, and compliance framework. Nanoprecise is a pioneer predictive upkeep and situation monitoring, and leverages Synthetic Intelligence and IoT applied sciences to ship real-time fault diagnostics and predictive insights. This helps enterprises reduce downtime, optimize upkeep, and drive operational effectivity. With a rising cloud footprint and plans to increase throughout AWS and Oracle Cloud, Nanoprecise acknowledged the necessity for a complete CNAPP answer that might scale securely…
Oct 12, 2025Ravie LakshmananVulnerability / Menace Intelligence Oracle on Saturday issued a safety alert warning of a recent safety flaw impacting its E-Enterprise Suite that it mentioned might enable unauthorized entry to delicate information. The vulnerability, tracked as CVE-2025-61884, carries a CVSS rating of seven.5, indicating excessive severity. It impacts variations from 12.2.3 via 12.2.14. “Simply exploitable vulnerability permits an unauthenticated attacker with community entry through HTTP to compromise Oracle Configurator,” based on a description of the flaw within the NIST’s Nationwide Vulnerability Database (NVD). “Profitable assaults of this vulnerability may end up in unauthorized entry to essential information or…
Risk actors are more and more abusing Discord webhooks as covert command-and-control (C2) channels inside open-source packages, enabling stealthy exfiltration of secrets and techniques, host telemetry, and developer surroundings knowledge with out standing up bespoke infrastructure.Socket’s Risk Analysis Staff has documented energetic abuse throughout npm, PyPI, and RubyGems, the place hard-coded Discord webhook URLs act as write-only sinks to siphon knowledge over HTTPS to attacker-controlled channels.As a result of webhook posts resemble strange JSON visitors to a extensively allowed area, these operations typically bypass perimeter filtering and signature-based controls.How Discord Webhooks Turn out to be Exfiltration PipesDiscord webhooks are HTTPS…
Solely days in the past, a message on the BreachForums extortion website threatened to leak one billion information allegedly stolen from the Salesforce techniques of 39 of the most important firms on the earth, together with Disney, Toyota, Adidas, McDonalds, IKEA, and Dwelling Depot. It was a risk that the criminals behind the location, a super-alliance of the ShinyHunters, Scattered Spider, and LAPSUS$ ransomware teams often called Scattered Lapsus$ Hunters, vowed to hold out by way of its darkish internet and Clearnet websites if Salesforce didn’t pay a ransom by 11.59 p.m. EST on October 10. “If Salesforce doesn’t have…