Threat Actors Hijacking MS-SQL Server to Deploy XiebroC2 Framework
30
Sep
2025

Threat Actors Hijacking MS-SQL Server to Deploy XiebroC2 Framework

A sophisticated attack campaign targeting improperly managed Microsoft SQL servers has emerged, deploying the XiebroC2 command and control framework to…

FTC
30
Sep
2025

Sendit sued by the FTC for illegal collection of children data

The Federal Trade Commission (FTC) is suing Sendit’s operating company and its CEO for unlawful collection of data from underage…

CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks
30
Sep
2025

CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks

In late September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a public alert regarding the active exploitation of…

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
30
Sep
2025

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM…

Malware phishing
30
Sep
2025

New MatrixPDF toolkit turns PDFs into phishing and malware lures

A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that…

Chinese APT Phantom Taurus Breached MS Exchange Servers for Years
30
Sep
2025

Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years

Researchers at Palo Alto Networks say a Chinese-linked cyberespionage group has been targeting foreign ministries, embassies, and military-related communications by…

VMware Vulnerability CVE-2025-41244 Exploited For A Year
30
Sep
2025

VMware Vulnerability CVE-2025-41244 Exploited For A Year

A newly listed VMware zero-day vulnerability has been actively exploited by Chinese state-sponsored threat actors for almost a year, according…

DOJ, Georgia Tech affiliate company settle over alleged failure to meet DOD contract cyber requirements
30
Sep
2025

DOJ, Georgia Tech affiliate company settle over alleged failure to meet DOD contract cyber requirements

A company affiliated with the Georgia Institute of Technology agreed to pay $875,000 to the U.S. government to settle a…

Windows 11
30
Sep
2025

Windows 11 2025 Update (25H2) is now available, Here’s what’s new

Today, Microsoft announced the general availability of Windows 11 25H2, also known as Windows 11 2025 Update. Windows 11 25H2…

APT35 Hackers Attacking Government, Military Organizations to Steal Login Credentials
30
Sep
2025

APT35 Hackers Attacking Government, Military Organizations to Steal Login Credentials

In recent months, a surge in targeted intrusions attributed to the Iranian-aligned threat group APT35 has set off alarm bells…

Cloud provider publishes ‘tech sovereignty’ plan for UK
30
Sep
2025

Cloud provider publishes ‘tech sovereignty’ plan for UK

The government should reframe its technology strategy to ensure the UK does not lose control of its digital infrastructure and…

Watchdog: Cyber threat information-sharing program’s future uncertain with expected expiration of 2015 law
30
Sep
2025

Watchdog: Cyber threat information-sharing program’s future uncertain with expected expiration of 2015 law

The Cybersecurity and Infrastructure Security Agency doesn’t have any plans in place for continuing a threat information-sharing program should a…