XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised…
Month: October 2025
Peer demands Fujitsu pay £700m in interim as it prepares response to Post Office scandal inquiry
Fujitsu will respond to the Post Office statutory public inquiry’s part 1 report by Friday this week, with details of its financial contribution finally due…
Researchers Uncover 13-Yr-Old Redis Flaw Impacting 330,000 Instances
Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua sandbox and execute native code on the host,…
Threat Actors Behind WARMCOOKIE Malware Added New Features to It’s Arsenal
The WARMCOOKIE backdoor first surfaced in mid-2024, delivered primarily via recruiting-themed phishing campaigns that coaxed victims into executing malicious documents. Initially designed as a lightweight…
Kibana CrowdStrike Connector Flaw Exposes Sensitive Credentials
A security issue in the Kibana CrowdStrike Connector allows attackers to access stored CrowdStrike credentials. The flaw affects multiple versions of Kibana and can expose…
OPSWAT’s MetaDefender Drive delivers portable, network-free threat scanning
OPSWAT launched MetaDefender Drive with Smart Touch, a portable cybersecurity device designed for malware and compliance scanning of transient cyber assets regardless of network connectivity.…
AI Is Already the #1 Data Exfiltration Channel in the Enterprise
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise…
IR35: Conservative Party pledge to reform off-payroll rules gets lacklustre response
A pledge by the shadow home secretary, Andrew Griffith, to “look again” at reforming the controversial IR35 disguised employment legislation has received a lacklustre response…
Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass
Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which…
Red Hat Breach Impacts 5,000+ High-Value Enterprise Customers, Data at Risk
An extortion group calling itself Crimson Collective claimed responsibility for a major breach at Red Hat Consulting. With only 22 followers on Telegram at the…
Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)
Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the attackers were Cl0p…
Troops and veterans’ personal information leaked in CPAP Medical data breach
In December 2024, CPAP Medical Supplies and Services Inc. (CPAP), a Jacksonville—a Florida-based provider of sleep therapy services and CPAP machines—experienced a cybersecurity incident that…