Oct 07, 2025Ravie LakshmananCyber Attack / Ransomware CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence… Continue reading
Tag: exploits
Hacker news
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
Sep 30, 2025Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google’s Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have… Continue reading
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to… Continue reading
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according… Continue reading
Sep 16, 2025Ravie LakshmananAd Fraud / Mobile Security A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million… Continue reading
Sep 11, 2025Ravie LakshmananMalware / Credential Theft Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software,… Continue reading
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your… Continue reading
Hacker news
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging,… Continue reading
Hacker news
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike traditional on-premises ransomware,… Continue reading
Hacker news
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering… Continue reading
