A security issue in the Kibana CrowdStrike Connector allows attackers to access stored CrowdStrike credentials. The flaw affects multiple versions of Kibana and can expose […]
Google DeepMind launches an AI agent to fix code vulnerabilities automatically
Google DeepMind has introduced an AI agent that automatically found and fixed software vulnerabilities in open source projects, submitting 72 security patches over the past […]
CISA Alerts on Oracle E-Business Suite 0-Day Actively Exploited for Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Oracle E-Business Suite that cybercriminals are actively […]
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised […]
New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise […]
Cavalry Werewolf APT Targets Russian Organizations Using FoalShell and Telegram C2
Cavalry Werewolf, a Russian-focused advanced persistent threat (APT) cluster, has intensified its offensive operations by experimenting with new malware variants and leveraging Telegram-based command-and-control (C2). […]
Red Hat Breach Impacts 5,000+ High-Value Enterprise Customers, Data at Risk
An extortion group calling itself Crimson Collective claimed responsibility for a major breach at Red Hat Consulting. With only 22 followers on Telegram at the […]
Phishers turn 1Password’s Watchtower into a blind spot
Malwarebytes has flagged a new phishing campaign that weaponized user trust in 1Password’s breach notification system, adding that an employee nearly handed over their vault […]
CrowdStrike Alerts on Oracle E-Business Suite 0-Day Under Mass Exploitation
A novel zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited in a large-scale data exfiltration campaign, with CrowdStrike Intelligence attributing primary involvement […]
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate […]