A critical vulnerability in Microsoft Entra could have let hackers access any user account. The flaw affected key authentication processes, allowing normal security checks to be bypassed. Microsoft released a patch quickly, but accounts that are not updated remain exposed. Experts urge immediate action to protect sensitive information. Applying the latest updates promptly ensures personal…
German authorities nix 1,400 websites used for cybertrading fraud German investigators and banking watchdog BaFin have shut down over 1,400 illegal domains in Eastern Europe that were involved in cybertrading fraud, officials said in a joint statement on Monday. Dubbed Operation Heracles, the probe was conducted by Baden Wuerttemberg state criminal police and BaFin, Europol…
India’s Fintech industry and Fintech growth a part of digital transformation growth is facing growing cybersecurity risks as per reports prepared by PWC & Unified Fintech Forum (UFF). The report, titled “FinSec: An Emerging Equation Between FinTech and Cybersecurity,” highlights how new technologies while driving innovation in digital payments, lending, neobanking, and blockchain are simultaneously…
Chinese hackers pose a “highly sophisticated and capable” threat to the UK, GCHQ’s cyber security agency has warned. The warning came after the National Cyber Security Centre (NCSC) recorded a 50% increase in “highly significant” online incidents carried out by criminals and state-linked groups in the year to the end of August. The attacks on household names…
The new hacking group, which claimed to have stolen confidential source code and sensitive project files from SK Telecom last month, is now threatening to leak that data if the telecommunications giant doesn’t start negotiations. The previously unheard-of ransomware group, CoinbaseCartel, apparently hoping to garner attention for itself and get a ransom payout from the…
SonicWall recently disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. “The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks,” the company reported. It also noted that it’s working…
Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite extortion campaign, revealing the use of malware. Attackers exploited July-patched EBS flaws and likely a zero-day (CVE-2025-61882), sending extortion emails to company executives. In early October, Google Mandiant and Google Threat Intelligence Group (GTIG) researchers tracked a suspected Cl0p ransomware group’s activity, where threat actors were attempting…
C2A Security Acquires Vigilant Ops, Creating a Global Market-Leading AI-Powered Product Security Powerhouse, adding Tens of MedTech, Telecom and Defense Customers The acquisition delivers faster compliance, stronger supply-chain security, and unparalleled MedTech expertise, while positioning C2A Security for accelerated global growth Jerusalem, Israel, and Pittsburgh, USA, October 8, 2025 – C2A Security, the only context…
Researchers Uncover 13-Year-Old Redis Flaw Impacting Nearly 330,000 Instances The bug, tracked as CVE-2025-49844 and nicknamed RediShell, carried a top severity score — 10.0 on the CVSS scale — and affected every Redis release. An attacker with the ability to submit a Lua script — a capability that Redis supports by default — could trigger…
Crimson Collective, cyber criminal gang claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories, with the company confirming it was a breach of one of its GitLab instances. This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms. Red…
