416/68 Tuesday, October 21, 2025 Envoy Air, a regional airline under American Airlines, has confirmed that it was affected by a cyberattack targeting Oracle E-Business Suite (EBS) systems, carried out by the Cl0p ransomware group, which is linked to the FIN11 cybercrime syndicate. The attackers added American Airlines to their leak site on the dark […]
415/68 Tuesday, October 21, 2025 ConnectWise has rolled out the Automate 2025.9 security update to fix two critical vulnerabilities in its Automate Remote Monitoring and Management (RMM) software that could allow attackers to carry out Man-in-the-Middle (MiTM) attacks by intercepting and manipulating communications between agents and servers. The first flaw, CVE-2025-11492 (CVSS 9.6, Critical), stems […]
414/68 Tuesday, October 21, 2025 Threat actors are using the popular short-video platform TikTok to distribute information-stealing malware by posting short clips that claim to teach viewers how to unlock or activate software and services for free – for example, Windows, Microsoft 365, Adobe Photoshop, Spotify Premium, and Netflix. The technique used in these attacks […]
413/68 Monday, October 20, 2025 The European Union law enforcement agency Europol announced the successful takedown of a cybercrime network operating under a Cybercrime-as-a-Service (CaaS) model, as part of Operation SIMCARTEL. The network offered SIM Farm rental services that enabled global online crimes such as phishing and investment fraud. The operation included 26 raids, resulting […]
412/68 Monday, October 20, 2025 Researchers at Fortinet have revealed that the hacker group Winos 4.0 (also known as ValleyRAT) is expanding its operations from China and Taiwan into Japan and Malaysia, using phishing campaigns to distribute the HoldingHands RAT (also tracked as Gh0stBins), a Remote Access Trojan that enables remote control of compromised machines. […]
411/68 Monday, October 20, 2025 Have I Been Pwned (HIBP), the well-known data breach notification service founded by security expert Troy Hunt, has revealed that the recent cyberattack against Prosper, a peer-to-peer (P2P) lending platform, may have impacted as many as 17.6 million users. The stolen data reportedly includes a wide range of sensitive personal […]
410/68 Friday, October 17, 2025 The UK Information Commissioner’s Office (ICO) has fined Capita £14 million (approximately $18.7 million) following a 2023 data breach that exposed the personal information of more than 6.6 million individuals. Capita is one of the UK’s largest outsourcing and business consulting firms, providing services to government bodies such as local […]
409/68 Friday, October 17, 2025 SAP has issued a security update addressing 13 newly discovered vulnerabilities, including one critical flaw with the highest severity rating (CVSS 10.0), tracked as CVE-2025-42944 in SAP NetWeaver. The issue, categorized as Insecure Deserialization, allows attackers to execute malicious commands. This vulnerability can be exploited remotely without authentication via the […]
408/68 Friday, October 17, 2025 Users of popular password managers LastPass and Bitwarden are being targeted in a new phishing campaign, where attackers send fake security alert emails claiming that the companies have been hacked. The emails urge recipients to immediately download a supposedly “more secure desktop version” of the software to protect their data. […]
407/68 Thursday, October 16, 2025 The U.S. Department of Justice (DOJ) announced the seizure of more than $15 billion worth of cryptocurrency (approximately 560 billion THB) from the leaders of the cybercrime network known as Prince Group, which orchestrated a massive crypto investment scam, also referred to as “Pig Butchering.” Victims were tricked into transferring […]
