State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications. ​ ​ ​Read More

The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers. ​ ​ ​Read More

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said. ​ ​ ​Read More

Advancements in vision language models expanded models reasoning capabilities to help protect employee safety. ​ ​ ​Read More

Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects “allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags,” Oligo Security said in ​ ​ ​Read More

The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. “In the period from 2024 to 2025, the Russian IT sector, especially companies working as contractors and integrators of solutions…

Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” Blackfog researcher Brenda Robb said in a Thursday report.…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated ​…

In a repeat of similar attacks during the summer, threat actors affiliated with the ShinyHunters extortion group used a third-party application to steal organizations’ Salesforce data. ​ ​ ​Read More

In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats. ​ ​ ​Read More