IT Security Newsletter - 10/21/2025
China-linked Salt Typhoon hackers attempt to infiltrate European telco
Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. "Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon's known tactics, techniques and procedures (TTPs), including dynamic-link library (DLL) sideloading and abuse of legitimate software for stealth and execution," the British cybersecurity company shared on Monday. READ MORE...
Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There's no mention of these flaws being exploited in the wild, but due to their severity, the company has advised customers to apply the latest firmware updates immediately. Moxa is a Taiwanese company that specializes in industrial communications, networking, and edge connectivity for OT environments. READ MORE...
Russian hackers evolve malware pushed in "I am not a robot" captchas
The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. The Star Blizzard threat group abandoned the LostKeys malware less than a week after researchers published their analysis and leveraged the *Robot malicious tools "more aggressively" than in any of its previous campaigns. READ MORE...
Is Your Car a BYOD Risk? Researchers Demonstrate How
Bring your own device (BYOD) threats continue to expand, as researchers have demonstrated that even the car you drive to work can constitute an initial access vector into a corporate network. At BSides NYC on Oct. 18, Threatlight chief technology officer (CTO) and co-founder Tim Shipp detailed a proof-of-concept (PoC) attack chain that began in a parked car and ended in corporate Linux servers and ESXi hypervisors. Call it a BYOC - a bring-your-own-car attack. READ MORE...
You can poison AI with just 250 dodgy documents
Researchers have shown how you can corrupt an AI and make it talk gibberish by tampering with just 250 documents. The attack, which involves poisoning the data that an AI trains on, is the latest in a long line of research that has uncovered vulnerabilities in AI models. Anthropic (which produces the ChatGPT rival Claude) teamed up with the UK's AI Security Institute (AISI, a government body exploring AI safety) and the Alan Turing Institute for the test. READ MORE...
Feds flag active exploitation of patched Windows SMB vuln
Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited - months after it was patched. The bug, tracked as CVE-2025-33073, was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on October 20, confirming that real-world attackers are using the vulnerability in ongoing campaigns. The flaw, rated 8.8 on the CVSS scale, affects Windows 10, Windows 11, and all supported versions of Windows Server. READ MORE...
CISA Confirms Exploitation of Latest Oracle EBS Vulnerability
The cybersecurity agency CISA has confirmed that an Oracle E-Business Suite (EBS) vulnerability patched earlier this month has been exploited in the wild. Dozens of Oracle customers have been targeted in a campaign that involved data theft from their EBS instances. The cybercriminals, presumably a cluster linked to the FIN11 threat group, stole large numbers of files and attempted to extort victims. READ MORE...
Over 75,000 WatchGuard security devices vulnerable to critical RCE
Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. Firebox devices act as a central defense hub that controls traffic between internal and external networks, providing protection through policy management, security services, VPN, and real-time visibility through WatchGuard Cloud. READ MORE...
- ...in 1879, Thomas Edison applies for a patent for his design for an incandescent light bulb.
- ...in 1917, jazz trumpeter and composer John Birks "Dizzy" Gillespie, one of the early pioneers of bebop and Afro-Cuban jazz, is born in Cheraw, SC.
- ...in 1940, Ernest Hemingway's novel "For Whom the Bell Tolls" is published.
- ...in 1959, the Solomon R. Guggenheim Museum, designed by architect Frank Lloyd Wright, opens to the public in New York City.