Industrial giants Schneider Electric and Emerson have been named by cybercriminals as victims of the recent campaign targeting Oracle E-Business Suite (EBS) instances. Threat actors, presumably a cluster of the FIN11 profit-driven threat group, have exploited Oracle EBS vulnerabilities to steal data from dozens of organizations, including major companies. The hackers have started naming alleged victims on the leak website set up for the Cl0p ransomware.
Conduent said a breach that was first discovered in January has been traced back to an October 2024 intrusion that experts uncovered after a months-long forensic investigation, according to a filing Thursday with the Maine Attorney General's office. Conduent said an unauthorized third party gained access to its systems on Oct. 21, 2024, and maintained access until Jan. 13 of this year.
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device. Tracked as CVE-2025-55315, this security bypass flaw was found in the Kestrel ASP.NET Core web server and enables attackers with low privileges to hijack other users' credentials or bypass front-end security controls via HTTP request smuggling.
An emerging IoT botnet has been observed launching record-breaking distributed denial-of-service (DDoS) attacks recently, but its lack of spoofing functionality enables remediation, Netscout reports. Dubbed Aisuru, the botnet is part of a new class of DDoS-capable malware, referred to as TurboMirai. The threats are reminiscent of the infamous Mirai IoT botnet, and can launch DDoS attacks that exceed 20 terabits per second (Tbps).
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware. An analysis of the malware's code and the campaign's infrastructure led Kaspersky researchers to uncover additional attacks by the same threat actor against organizations and individuals in Russia and Belarus.
A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. Herodotus, according to Threat Fabric, is offered as a malware-as-a-service (MaaS) to financially motivated cybercriminals, believed to be the same operators behind Brokewell. Clients of the new MaaS platform are currently deploying it against Italian and Brazilian users through SMS phishing text messages.
Researchers have found more attack vectors for OpenAI's new Atlas web browser - this time by disguising a potentially malicious prompt as an apparently harmless URL. NeuralTrust found that Atlas's "omnibox" (where URLs or search terms are entered) has potential vulnerabilities. "We've identified a prompt injection technique that disguises malicious instructions to look like a URL, but that Atlas treats as high-trust 'user intent' text, enabling harmful actions," the researchers said.
With great power comes great vulnerability. Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection. Prompt injection occurs when something causes text that the user didn't write to become commands for an AI bot.