SonicWall recently disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. “The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks,” the company reported. It also noted that it’s working…
Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite extortion campaign, revealing the use of malware. Attackers exploited July-patched EBS flaws and likely a zero-day (CVE-2025-61882), sending extortion emails to company executives. In early October, Google Mandiant and Google Threat Intelligence Group (GTIG) researchers tracked a suspected Cl0p ransomware group’s activity, where threat actors were attempting…
C2A Security Acquires Vigilant Ops, Creating a Global Market-Leading AI-Powered Product Security Powerhouse, adding Tens of MedTech, Telecom and Defense Customers The acquisition delivers faster compliance, stronger supply-chain security, and unparalleled MedTech expertise, while positioning C2A Security for accelerated global growth Jerusalem, Israel, and Pittsburgh, USA, October 8, 2025 – C2A Security, the only context…
Researchers Uncover 13-Year-Old Redis Flaw Impacting Nearly 330,000 Instances The bug, tracked as CVE-2025-49844 and nicknamed RediShell, carried a top severity score — 10.0 on the CVSS scale — and affected every Redis release. An attacker with the ability to submit a Lua script — a capability that Redis supports by default — could trigger…
Crimson Collective, cyber criminal gang claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories, with the company confirming it was a breach of one of its GitLab instances. This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms. Red…
Britain’s beloved Harrods department store revealed on Sunday that 430,000 customers have been compromised in yet another cyberattack impacting the retailer in 2025 – this time, via one of its third-party vendors. Now, those same ransomware attackers have been reportedly contacting Harrods customers, ever since the retailer publicly declared it would not negotiate. Key takeaways:…
The Department of War (DoW) announces the implementation of a groundbreaking Cybersecurity Risk Management Construct (CSRMC), a transformative framework to deliver real-time cyber defense at operational speed. This five-phase construct ensures a hardened, verifiable, continuously monitored, and actively defended environment to ensure that U.S. warfighters maintain technological superiority against rapidly evolving and emerging cyber threats. The…
The seized devices, described as “SIM servers,” were linked to a broader network believed to be operated by or connected to “nation-state” actors. US Secret Service dismantles telecom network with 300 SIM servers and 100,000 SIM cards near the UN General Assembly. Devices could have disabled mobile towers, blocked emergency dispatch, and texted the entire…
NetScout announced its solutions to support cable providers and multiple service operators (MSOs) in improving their ability to deliver an exceptional customer experience while reducing costs. Competition is driving the development of new methods for delivering content more efficiently and effectively. Streaming entertainment, gaming and interactive content, and home automation continue to drive demand…
Cyber threat intelligence firm Prodaft provided details on Subtle Snail (UNC1549) is an Iran-nexus espionage group linked to Unyielding Wasp (Tortoiseshell), which is part of the Eclipsed Wasp (Charming Kitten) network. The group has been active since at least June 2022 and recently shifted focus to European telecom, aerospace, and defense organizations. The group’s primary motivation involves infiltrating…
