IT Security Newsletter - 10/16/2025
Thousands of customers imperiled after nation-state ransacks F5's network
Thousands of networks, many of them operated by the US government and Fortune 500 companies, face an "imminent threat" of being breached by a nation-state hacking group following the breach of a major maker of software, the federal government warned Wednesday. F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a "sophisticated" threat group working for an undisclosed nation-state government had surreptitiously dwelled in its network over a "long-term."
Auction house Sotheby's finds its data on the block after cyberattack
Auction house Sotheby's says it was breached on July 24, and those behind the intrusion stole an unspecified amount of data, including Social Security numbers and financial account information. The multinational broker of fine art and luxury items said it is not aware of who was behind the attack, but confirmed in a filing with the state's Attorney General's Office this week that two Maine residents were affected by the breach.
Video call app Huddle01 exposed 600K+ user logs
The Cybernews research team found that video call app Huddle01 exposed email addresses, real names, and other identifiers through an unprotected Kafka broker. Think of an unprotected Kafka broker like a post office that stores and delivers confidential mail. Now, imagine the manager leaves the front doors wide open, with no locks, guards, or ID checks. Anyone can walk in, look through private letters and photos, and grab whatever catches their eye.
PowerSchool hacker sentenced to 4 years in prison
A Massachusetts man who previously pleaded guilty to a cyberattack on PowerSchool, exposing data on tens of millions of students and teachers, was sentenced to four years in prison Tuesday - half the amount federal prosecutors sought in sentencing recommendations submitted to the court. Matthew Lane, 20, stole data from PowerSchool belonging to nearly 70 million students and teachers, extorted the California-based company for a ransom, which it paid.
Fake LastPass, Bitwarden breach alerts lead to PC hijacks
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. The messages direct recipients to download a binary that BleepingComputer has discovered installs Syncro, a remote monitoring and management (RMM) tool used by managed service providers (MSP) to streamline IT operations.
Microsoft kills 9.9-rated ASP.NET Core bug - 'our highest ever' score
Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass. The issue, called request smuggling, enables an extra request to be hidden inside another one, including cases where the first request does not require authentication, but the smuggled one normally would.
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
In a significant crackdown against online cybercriminals, German authorities have successfully dismantled a network of fraudulent cryptocurrency investment sites that has targeted millions of unsuspecting people across Europe. According to a press release by BaFin (Germany's financial regulatory authority), 1,406 bogus trading platforms were seized on October 3, 2025, in an operation co-ordinated with other German agencies, Europol and Bulgarian law enforcement.
CISA: Maximum-severity Adobe flaw now exploited in attacks
CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems. Tracked as CVE-2025-54253, this critical security flaw stems from a misconfiguration weakness that affects Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23 and earlier. Successful exploitation can allow unauthenticated threat actors to bypass security mechanisms and execute arbitrary code remotely.
Humanoid robot found vulnerable to Bluetooth hack, data leaks to China
Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. Their tests show that anyone within Bluetooth range can exploit the setup process to inject commands and gain root access, taking control of the robot. The problem lies in how it handles its setup process over Bluetooth Low Energy (BLE).
- ...in 1758, lexicographer and author Noah Webster, Jr., whose work was the basis for the modern Merriam-Webster English dictionary, is born in Hartford, CT.
- ...in 1793, deposed Queen Consort Marie Antoinette of France is executed by guillotine at the height of the French Revolution.
- ...in 1923, The Walt Disney Company is founded by brothers Walt and Roy Disney.
- ...in 1950, C.S. Lewis publishes "The Lion, the Witch, and the Wardrobe", the first book written in his "Chronicles of Narnia" series.