403/68 Wednesday, October 15, 2025 Researchers from the threat monitoring platform GreyNoise have detected a massive campaign leveraging over 100,000 botnet IP addresses worldwide to attack Remote Desktop Protocol (RDP) services in the United States. The campaign, which began on October 8, 2025, originates from multiple countries, including Brazil, Argentina, Iran, China, Mexico, Russia, South […]
402/68 Wednesday, October 15, 2025 On October 14, 2025, Microsoft officially ended support (End of Support – EOS) for the Windows 10 operating system. This means that the company will no longer provide software updates, technical support, or free security patches. As a result, hundreds of millions of computers worldwide that still rely on Windows […]
401/68 Tuesday, October 14, 2025 Cybersecurity authorities have issued a warning about a new scam in the United States after detecting a Smishing campaign (phishing via SMS) targeting New Yorkers. Threat actors are sending fraudulent text messages impersonating the New York State Department of Taxation and Finance, claiming to be part of an “Inflation Refund […]
400/68 Tuesday, October 14, 2025 Oracle has issued a security advisory regarding a newly discovered vulnerability affecting Oracle E-Business Suite (EBS) that could allow attackers to access sensitive information without authentication. Tracked as CVE-2025-61884, the flaw carries a CVSS score of 7.5 (High Severity) and impacts versions 12.2.3 through 12.2.14. According to the National Vulnerability […]
399/68 Tuesday, October 14, 2025 Threat actors tracked as Storm-2603-also known as CL-CRI-1040 and Gold Salem-have been observed weaponizing Velociraptor, an open-source digital forensics and incident response (DFIR) tool widely used by security professionals, turning it into a weapon for ransomware attacks. According to Cisco Talos, the group exploited a SharePoint vulnerability dubbed “ToolShell” to […]
398/68 Friday, October 10, 2025 OpenAI announced that it has suspended accounts linked to three hacker groups that misused ChatGPT to aid in the development of malware and cyberattack tools. One of the groups, a Russian-speaking threat actor, reportedly used the AI model to help build and refine a Remote Access Trojan (RAT) and data-stealing […]
397/68 Friday, October 10, 2025 DraftKings, the U.S.-based online sports betting company, has issued a security advisory after detecting a credential stuffing attack on September 2, 2025. The company observed attempts to access some customer accounts using usernames and passwords previously exposed in unrelated data breaches. However, DraftKings confirmed there is no evidence that its […]
396/68 Friday, October 10, 2025 Three notorious cybercriminal groups in the ransomware ecosystem-LockBit, Qilin, and DragonForce-have announced the formation of a “cartel-style alliance” to share information, techniques, and resources, while also inviting other cybercrime groups to join the collaboration. The announcement comes shortly after LockBit unveiled its new “LockBit 5.0” service, marking a move that […]
395/68 Thursday, October 9, 2025 Avnet, a leading U.S.-based distributor and designer of electronic components with operations in over 125 countries, has confirmed a data breach after unauthorized actors gained access to a database hosted on an external cloud service used in the Europe, Middle East, and Africa (EMEA) region. The company emphasized that the […]
394/68 Thursday, October 9, 2025 Redis, the developer of the popular in-memory database software, has disclosed a critical vulnerability tracked as CVE-2025-49844, also known as “RediShell.” The flaw, which received the maximum CVSS score of 10.0, is a Use-After-Free (UAF) issue in Redis’s Lua Scripting engine that has existed in the source code for over […]
