Layered security in action. How VDP, bug bounty, and PTaaS combine to protect your business.
You asked, and we answered. At Intigriti, we’ve been paying close attention to the questions most frequently asked by those with a bug bounty program…
Month: October 2025
Hackers Weaponizing WordPress Websites by Injecting Malicious PHP Codes Silently
WordPress websites have become a prime target for threat actors seeking to monetize traffic and compromise visitor security. In recent months, a new malvertising campaign…
Hackers Exploit CSS Properties to Conceal Malicious Code in Hidden Text Salting Attacks
with font-size:1px and line-height:0, only revealed when font size was increased to 20px. A scam email impersonating the PayPal brand. Likewise, Harbor Freight phishing emails…
CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks
CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), designated as CVE-2025-27915. This vulnerability has…
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory…
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language…
Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching
More information has come to light on the recently patched Oracle E-Business Suite (EBS) zero-day, with evidence indicating that threat actors knew about the vulnerability…
Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks
Google has released Chrome version 141.0.7390.65/.66 for Windows and Mac, along with 141.0.7390.65 for Linux, addressing multiple critical security vulnerabilities that could allow attackers to…
FreePBX SQL Injection Vulnerability Leads to Database Tampering
A critical SQL injection vulnerability in FreePBX, designated as CVE-2025-57819, has been actively exploited by attackers to modify the database and achieve arbitrary code execution on…
Radiflow360 unifies OT risk, compliance, and response
Radiflow has launched the new Radiflow360, a unified, AI-enhanced OT cybersecurity platform that delivers visibility, risk management and streamlined incident response for mid-sized industrial enterprises.…
Crimson Collective Exploits AWS Services to Steal Sensitive Data
A newly identified threat group called Crimson Collective has emerged as a significant security concern for organizations using Amazon Web Services (AWS), employing sophisticated techniques to steal…
Rethinking AI security architectures beyond Earth
If you think managing cloud security is complex, try doing it across hundreds of satellites orbiting the planet. Each one is a moving endpoint that…