News

Breaking News

Entertainment

Movies & Series

Music

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

News

Entertainment

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

home
›
Security Affairs
›
Software

Security Affairs - Software

8 | Follower

Security Affairs

15.10.2025

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor.

Security Affairs

15.10.2025

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data.

Security Affairs

15.10.2025

Researchers warn of widespread RDP attacks by 100K-node botnet

A botnet of 100K+ IPs from multiple countries is attacking U.S. RDP services in a campaign active since October 8.

Security Affairs

15.10.2025

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

UK NCSC handled 429 cyberattacks from Sept 2024–Aug 2025, including 204 nationally significant cases, over double the previous year’s total.

Security Affairs

15.10.2025

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks.

Security Affairs

15.10.2025

Unencrypted satellites expose global communications

Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications.

Security Affairs

14.10.2025

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884.

Security Affairs

14.10.2025

SimonMed Imaging discloses a data breach impacting over 1.2 million people

Medusa ransomware hit SimonMed Imaging, stealing 200 GB of data and impacting over 1.2 million people in a major healthcare data breach.

Security Affairs

14.10.2025

Google, Mandiant expose malware and zero-day behind Oracle EBS extortion

Google and Mandiant link Oracle EBS extortion emails to known July-patched flaws and a likely zero-day, CVE-2025-61882.

Security Affairs

14.10.2025

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

Malicious code on Unity Technologies’s SpeedTree site skimmed sensitive data from hundreds of customers, the company confirmed.

Security Affairs

14.10.2025

Microsoft revamps Internet Explorer Mode in Edge after August attacks

Microsoft updated Edge’s Internet Explorer mode after reports that attackers exploited it to access users’ devices without authentication

Security Affairs

14.10.2025

Astaroth Trojan abuses GitHub to host configs and evade takedowns

The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform

Security Affairs

13.10.2025

Clop Ransomware group claims the hack of Harvard University

The notorious Clop Ransomware group claims the hack of Harvard University and added the prestigious institute to its Tor data leak site.

Security Affairs

13.10.2025

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

Spain’s Guardia Civil dismantled the cybercrime group “GXC Team” and arrested its 25-year-old Brazilian leader.

Security Affairs

13.10.2025

Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

Security Affairs

13.10.2025

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

Stealit malware abuses Node.js SEA and Electron to spread via fake game and VPN installers shared on Mediafire and Discord.

Security Affairs

13.10.2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Security Affairs

12.10.2025

Attackers exploit valid logins in SonicWall SSL VPN compromise

Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly.

Security Affairs

12.10.2025

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

Spain’s Guardia Civil dismantled the cybercrime group “GXC Team” and arrested its 25-year-old Brazilian leader.

Security Affairs

12.10.2025

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products.

Security Affairs

11.10.2025

Apple doubles maximum bug bounty to $2M for zero-click RCEs

Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers.

Security Affairs

11.10.2025

U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog.

Security Affairs

11.10.2025

Juniper patched nine critical flaws in Junos Space

Juniper fixed nearly 220 flaws in Junos OS, Junos Space, and Security Director, including nine critical bugs in Junos Space.

Security Affairs

11.10.2025

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP.

Security Affairs

10.10.2025

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June.

Security Affairs

10.10.2025

Discord denies massive breach, confirms limited exposure of 70K ID photos

Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed.

Security Affairs

10.10.2025

Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users

All SonicWall Cloud Backup users were impacted after hackers stole firewall config files from the MySonicWall service in early September.

Security Affairs

10.10.2025

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware

ClayRat Android spyware targets Russian users via fake Telegram channels and phishing sites posing as popular apps like WhatsApp and YouTube.

Security Affairs

10.10.2025

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in the Service Finder WordPress theme’s Bookings plugin.

Security Affairs

09.10.2025

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it.

Security Affairs

09.10.2025

Qilin ransomware claimed responsibility for the Asahi attack

Qilin ransomware claimed responsibility for the recent attack on the beer giant Asahi that disrupted operations in Japan.

Security Affairs

09.10.2025

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

DraftKings warns of credential stuffing using stolen logins; No evidence of data loss, but users must reset passwords and enable MFA.

Security Affairs

09.10.2025

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the threat landscape

Security Affairs

08.10.2025

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing easy remote code execution via License Servlet bug.

Security Affairs

08.10.2025

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025.

Security Affairs

08.10.2025

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog.

Security Affairs

07.10.2025

LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme

LinkedIn sued ProAPIs and its CEO for running millions of fake accounts to scrape and sell user data, charging up to $15,000 per month.

Security Affairs

07.10.2025

Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by Cl0p cybercrime group.

Security Affairs

07.10.2025

U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog.

Security Affairs

07.10.2025

Discord discloses third-party breach affecting customer support data

Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, and billing info

home›Security Affairs›Software

Security Affairs - Software

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

Researchers warn of widespread RDP attacks by 100K-node botnet

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

Unencrypted satellites expose global communications

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

SimonMed Imaging discloses a data breach impacting over 1.2 million people

Google, Mandiant expose malware and zero-day behind Oracle EBS extortion

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

Microsoft revamps Internet Explorer Mode in Edge after August attacks

Astaroth Trojan abuses GitHub to host configs and evade takedowns

Clop Ransomware group claims the hack of Harvard University

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66

Attackers exploit valid logins in SonicWall SSL VPN compromise

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

Apple doubles maximum bug bounty to $2M for zero-click RCEs

U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

Juniper patched nine critical flaws in Junos Space

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

Discord denies massive breach, confirms limited exposure of 70K ID photos

Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

Qilin ransomware claimed responsibility for the Asahi attack

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme

Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog

Discord discloses third-party breach affecting customer support data

home
›
Security Affairs
›
Software