Oct 07, 2025Ravie LakshmananVulnerability / Cloud Security Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the…
A recently patched vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) was exploited as a zero-day by a Chinese ransomware…
A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group…
In recent years, adversaries have abandoned traditional malware in favor of “living-off-the-land” operations against cloud and SaaS environments. Rather than…
Oct 07, 2025Ravie LakshmananVulnerability / Cloud Security Redis has disclosed details of a maximum-severity security flaw in its in-memory database…
A critical-severity vulnerability that lingered in Redis for 13 years potentially exposes 60,000 servers to exploitation, cybersecurity firm Wiz warns….
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025 Pierluigi Paganini October 07, 2025 CrowdStrike links…
Security researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution…
Popular social platform Discord has suffered a data breach—though technically, it wasn’t Discord itself that was hacked. A third-party customer…
Time Manipulation Allows Hackers to Trigger Y2K38 Bug Today Widely known time-related software bugs that could cause significant disruptions when…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft…
Scattered Spider has shifted its operational strategy, moving away from chaotic data leaks toward a more structured and professional model…