Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. "Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon's known tactics, techniques and procedures (TTPs), including dynamic-link library (DLL) sideloading and abuse of legitimate software for stealth and execution," the British cybersecurity company shared on Monday. READ MORE...
Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There's no mention of these flaws being exploited in the wild, but due to their severity, the company has advised customers to apply the latest firmware updates immediately. Moxa is a Taiwanese company that specializes in industrial communications, networking, and edge connectivity for OT environments. READ MORE...
The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. The Star Blizzard threat group abandoned the LostKeys malware less than a week after researchers published their analysis and leveraged the *Robot malicious tools "more aggressively" than in any of its previous campaigns. READ MORE...
Bring your own device (BYOD) threats continue to expand, as researchers have demonstrated that even the car you drive to work can constitute an initial access vector into a corporate network. At BSides NYC on Oct. 18, Threatlight chief technology officer (CTO) and co-founder Tim Shipp detailed a proof-of-concept (PoC) attack chain that began in a parked car and ended in corporate Linux servers and ESXi hypervisors. Call it a BYOC - a bring-your-own-car attack. READ MORE...
Researchers have shown how you can corrupt an AI and make it talk gibberish by tampering with just 250 documents. The attack, which involves poisoning the data that an AI trains on, is the latest in a long line of research that has uncovered vulnerabilities in AI models. Anthropic (which produces the ChatGPT rival Claude) teamed up with the UK's AI Security Institute (AISI, a government body exploring AI safety) and the Alan Turing Institute for the test. READ MORE...
Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited - months after it was patched. The bug, tracked as CVE-2025-33073, was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on October 20, confirming that real-world attackers are using the vulnerability in ongoing campaigns. The flaw, rated 8.8 on the CVSS scale, affects Windows 10, Windows 11, and all supported versions of Windows Server. READ MORE...
The cybersecurity agency CISA has confirmed that an Oracle E-Business Suite (EBS) vulnerability patched earlier this month has been exploited in the wild. Dozens of Oracle customers have been targeted in a campaign that involved data theft from their EBS instances. The cybercriminals, presumably an activity cluster of the threat group named FIN11, stole significant amounts of files and attempted to extort victims. READ MORE...
Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. Firebox devices act as a central defense hub that controls traffic between internal and external networks, providing protection through policy management, security services, VPN, and real-time visibility through WatchGuard Cloud. READ MORE...