Exploiting the so-called "RediShell" remote code execution vulnerability, an authenticated user can use a specially crafted script to manipulate the garbage collector, trigger a use-after-free, and potentially execute arbitrary code remotely. The vulnerability exploits a 13-year-old UAF memory corruption bug in Redis, allowing a post-auth attacker to send a crafted Lua script to escape the default Lua sandbox and execute arbitrary native code.
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary able to observe network traffic to infer a conversation's topic despite encryption, under certain circumstances. This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to the privacy of user and enterprise communications, the company noted. The attack has been codenamed Whisper Leak.
A random "can you hear me?" question should be your first red flag that this unsolicited call could be a scam, said Kelly Richmond Pope, a professor of forensic accounting at DePaul University and the author of Fool Me Once: Scams, Stories, and Secrets From the Trillion-Dollar Fraud Industry. A conversation with a random number that starts with "can you hear me?" is suspicious "because it's so outside of the typical conversational cycle," Pope said.
A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with the aim of establishing long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government policy on international issues." The attackers managed to gain access to the network for several weeks in April 2025.
Last month, Google said that the ransomware gang Clop was targeting companies after exploiting multiple vulnerabilities in Oracle's E-Business Suite software, which companies use for their business operations, storing their human resources files, and other sensitive data. The exploits allowed the hackers to steal business data and employee records from more than 100 companies, per Google.
A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April. The surveillance campaign likely began in July 2024 and abused CVE-2025-21042, a critical bug in Samsung's image-processing library that affects Galaxy devices running Android versions 13, 14, 15, and 16,
CISOs often operate in environments where security is underfunded, under-prioritised, or misunderstood at the board and C-suite level. A lack of senior-level buy-in trickles down into: budget constraints that limit the scope and impact of the CISO function, including resources for tooling and automation; skills shortages and restrictive operating models that prevent effective delegation; and strategic misalignment, where short-term delivery is prioritised over long-term business resilience and customer outcomes.
Martin had apparently seen how this system worked in practice through his job, and he approached a pair of other people to help him make some easy cash. One of these people was allegedly Ryan Goldberg of Watkinsville, Georgia, who worked as an incident manager at the cybersecurity firm Sygnia. Goldberg told the FBI that Martin had recruited him to "try and ransom some companies."
Last year almost a dozen major U.S. ISPs were the victims of a massive, historic intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The "Salt Typhoon" hack was so severe that the intruders spent much of the last year rooting around the ISP networks even after discovery. AT&T and Verizon, two of the compromised companies, apparently didn't think it was worth informing subscribers that any of this happened.
In April, the group targeted a Ukrainian university with two wipers, a form of malware that aims to permanently destroy sensitive data and often the infrastructure storing it. One wiper, tracked under the name Sting, targeted fleets of Windows computers by scheduling a task named DavaniGulyashaSdeshka, a phrase derived from Russian slang that loosely translates to "eat some goulash," researchers from ESET said. The other wiper is tracked as Zerlot.
SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups. The network security vendor said it spotted "suspicious activity" in early September involving the unauthorized downloading of backup firewall configuration files from "a specific cloud environment." The company initially said that "fewer than 5 percent" of its firewall installed base had files accessed,
Cybersecurity is as much about communication as it is about code. When leadership sends mixed signals - one message in a company memo, another in marketing materials - the inconsistency confuses employees and customers alike. A StratusPoint IT report found that 74% of data breaches involved a human element, including social engineering and error. These incidents often begin with misunderstanding rather than malice.
Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) - marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative assessment, we believe it underscores Bitdefender's human-driven approach to MDR and our continued alignment with Gartner's rigorous inclusion standards.
I think the big cyber incidents happening in the Middle East and Europe in recent months, particularly ransomware as a service, so big names like Jaguar Land Rover and others, have kind of given this meeting an extra buzz just before we met. Quite a few people flew in from that have been affected by the supply chain attack on baggage handling software. So it was very relevant and topical.
Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis-management or tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become mandatory as a series of regulations has introduced this requirement for FSI organizations in several regions, including DORA (Digital Operational Resilience Act) in the EU; CPS230 / CORIE (Cyber Operational Resilience Intelligence-led Exercises) in Australia;
The group, which according to the researchers operates in line with Russian geopolitical interests, uses hidden Linux virtual machines to bypass detection by traditional security measures. The investigation, conducted in collaboration with the Georgian CERT, revealed that the attackers exploit Hyper-V, the built-in virtualization technology of Windows 10. After gaining access to a target, they activate Hyper-V but disable the management tools to prevent monitoring by system administrators.
Zoom in: Google's team found PromptFlux while scanning uploads to VirusTotal, a popular malware-scanning tool, for any code that called back to Gemini. The malware appears to be in active development: Researchers observed the author uploading updated versions to VirusTotal, likely to test how good it is at evading detection. It uses Gemini to rewrite its own source code, disguise activity and attempt to move laterally to other connected systems.
Have I Been Pwned (HIBP) is a data breach "search engine" that allows anyone to submit their email address to see if any links to a data breach are publicly known. HIBP is a free service that can give you an overview of whether or not it is likely your online accounts have been "pwned," or compromised, in a data breach.
The AFD outage, triggered by a faulty control-plane configuration change, brought Microsoft 365, Xbox Live, the Azure Portal, and thousands of customer websites to a crawl before a staged recovery returned services to normal. Moreover, the outage's blast radius was broad, demonstrating the profound dependency of the entire Microsoft ecosystem and its customers on AFD as a centralized edge fabric.
Although many enterprise IT teams are probably not hugely aware of MDAG, there could still be hidden work caused by its removal. Microsoft, for its part, recommends that administrators do the following: Enable Microsoft Defender for Endpoint ASR rules to block risky Office file behaviors. Enable Windows Defender Application Control (WDAC) to ensure only trusted, signed code runs on devices. Review internal documentation and helpdesk guidance if your organization previously relied on Application Guard for Office.
Following the recent acquisition of Observo AI, SentinelOne is integrating this technology into the Singularity Platform. According to the company, the combination creates the only SIEM on the market with both pre-ingestion analytics and flexible data collection. This is made possible by Observo AI's streaming architecture, which made it an attractive acquisition target for SentinelOne. This speed should enable agentic applications, allowing security work to be largely automated in real time. SentinelOne summarizes all this as an "AI-ready data pipeline."
Hackers are actively exploiting a serious security vulnerability in the popular JobMonster WordPress theme. The vulnerability allows attackers to take over administrator accounts under specific circumstances, giving them complete control over affected websites. The vulnerability, registered as CVE-2025-5397, received a risk score of 9.8 out of 10. The problem is present in all versions of the theme up to and including 4.8.1.
"The current infection chain is built on a highly successful malvertising model. Threat actors buy Bing search engine advertisements to direct users to convincing-looking, but malicious landing pages," said Aaron Walton, threat intelligence analyst at Expel. "These search engine ads put links to the download right in front of potential victims. The most recent campaigns push ads for Microsoft Teams and impersonate the download pages. However, they've also cycled through other popular software such as PuTTY and Zoom.