Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks
The recent data theft and extortion campaign targeting Oracle E-Business Suite customers has been confirmed to be the work of the notorious Cl0p ransomware group,…
Author: Cybernoz
Gemini CLI to Your Kali Linux Terminal To Automate Penetration Testing Tasks
With the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the Gemini Command-Line Interface (CLI).…
Hackers Exploit WordPress Sites by Silently Injecting Malicious PHP Code
Cybercriminals have ramped up attacks on WordPress websites by stealthily modifying theme files to serve unauthorized third-party scripts. This campaign leverages subtle PHP injections in…
Beer Giant Asahi Says Data Stolen in Ransomware Attack
Japanese brewing giant Asahi Group Holdings has confirmed that a ransomware attack has caused the week-long outage at its domestic subsidiaries. The company disclosed the…
Zimbra users targeted in zero-day exploit using iCalendar attachments
Zimbra users targeted in zero-day exploit using iCalendar attachments Pierluigi Paganini October 06, 2025 Threat actors exploited a Zimbra zero-day via malicious iCalendar (.ICS) files…
PoC Exploit Released for Sudo Vulnerability that Enables Attackers to Gain Root Access
A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root…
Ransomware Gangs Exploit Remote Access Tools to Stay Hidden and Maintain Control
Modern ransomware operations have evolved far beyond simple opportunistic attacks into sophisticated, multi-stage campaigns that exploit legitimate Remote Access Tools (RATs) to maintain stealth and…
Reading the ENISA Threat Landscape 2025 report
Reading the ENISA Threat Landscape 2025 report Pierluigi Paganini October 06, 2025 ENISA Threat Landscape 2025: Rising ransomware, AI phishing, and state-backed espionage mark a…
Hackers Weaponize AWS X-Ray Service to Work as Covert Command & Control Server
A sophisticated technique uncovered where threat actors abuse Amazon Web Services‘ X-Ray distributed tracing service to establish covert command and control (C2) communications, demonstrating how…
Redis Server Use-After-Free Vulnerability Allows Remote Code Execution
A critical security vulnerability has been discovered in Redis Server that could allow authenticated attackers to achieve remote code execution through a use-after-free flaw in…
Old authentication habits die hard
Many organizations still rely on weak authentication methods while workers’ personal habits create additional risks, according to Yubico. Training and policy gaps 40% of employees…
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
Oct 06, 2025Ravie LakshmananEmail Security / Zero-Day A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber…