Saturday, June 20 2026

Alert

Cl0p Ransomware Targets Oracle in $50M Extortion Threat

Researchers at Google Mandiant and GTIG are monitoring a suspected Cl0p ransomware affiliate conducting a mass extortion campaign against Oracle E-Business Suite customers. The attackers allege they have stolen sensitive corporate data and are demanding ransoms up to $50 million, as reported by the incident response firm Halcyon, which is …

Alert: Self-Propagating Malware Spreading Via WhatsApp

Trend™ Research is investigating a malware campaign that uses WhatsApp to infect users. This attack is focused on spreading quickly and taking advantage of social trust, rather than theft or ransomware. It’s called SORVEPOTEL and is currently most active in Brazil. The campaign is dubbed SORVEPOTEL by Trend Micro that …

Splunk Fixes Six Flaws, Including SSRF and XSS Vulns in Enterprise Platform

Splunk issued security advisories for six vulnerabilities in Splunk Enterprise and Splunk Cloud Platform, with severity levels from medium to high. The issues include improper access control, various cross-site scripting (XSS) types, XML external entity (XXE) injection, denial-of-service (DoS) via LDAP misuse, and a high-severity server-side request forgery (SSRF). CVE-2025-20366 …

50K Cisco firewalls vulnerable to actively exploited flaws

50k Cisco ASA and FTD devices on the internet are at risk due to two vulnerabilities being exploited by hackers. Flaws CVE-2025-20333 and CVE-2025-20362 allow remote code execution and access to restricted VPN URLs without authentication. On September 25, Cisco warned that the issues were actively exploited in attacks that …

Hackers Exploiting New VMware Zero-Day Since October 2024

A newly patched security flaw in Broadcom VMware Tools and VMware Aria Operations has been exploited by a threat actor named UNC5174 since mid-October 2024, according to NVISO Labs. The vulnerability identified as CVE-2025-41244 (CVSS score: 7.8) is a flaw that allows local privilege escalation, impacting the following versions – …

CVE-2025-55177 and CVE-2025-43300
WhatsApp 0-Click Vuln Exploited Using Malicious DNG File

Security researchers found a zero-click vulnerability in WhatsApp that allows remote code execution (RCE) on iOS, macOS, and iPadOS. The attack chain uses two vulnerabilities, CVE-2025-55177 and CVE-2025-43300, to compromise a device without user interaction. Researchers from DarkNavyOrg demonstrated a “zero-click” exploit that targets WhatsApp. This attack involves sending a …

Cisco warns customers of ASA firewall zero-days exploited in attacks

Cisco warned customers to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company’s firewall software. The first one (CVE-2025-20333) allows authenticated, remote attackers to execute arbitrary code on devices running vulnerable Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software, while the second …

Unpatched OnePlus vuln allows rogue app SMS access

A flaw in various versions of OnePlus’s OxygenOS lets any app access SMS data and metadata without needing permission or user consent. OnePlus is a Shenzhen-based tech company recognized for producing high-quality smartphones at affordable prices. Unlike other major Chinese brands like Huawei and Xiaomi, OnePlus phones are officially sold …

Cisco IOS 0-Day RCE Vuln Actively Exploited in the Wild

Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its popular IOS and IOS XE software, which is currently under active exploitation. The flaw in the Simple Network Management Protocol (SNMP) can let remote attackers execute code or cause denial-of-service (DoS) on affected devices. The stack overflow vulnerability (CWE-121) exists in …

Cisco Unveils New PlugX Backdoor Linked to Chinese APTs

Cisco Talos researchers have discovered an espionage campaign, ongoing since 2022, that targets telecom and manufacturing sectors in Central and South Asia. The campaign uses a new variant of the PlugX backdoor, closely related to the RainyDay and Turian malware families linked to Chinese-speaking APT groups. According to the report, “Cisco …
