Cl0p ransomware exploited a zero-day in Oracle E-Business Suite to steal years of invoice data from Barts Health NHS Trust. The leak exposed names, addresses, and payment info of patients, staff, and suppliers, now circulating on the dark web. Learn what was compromised, who’s at risk, and how to protect yourself.
The latest Cybersecurity and Infrastructure Security Agency (CISA) advisory reveals that PRC-linked hackers use a backdoor called BRICKSTORM to gain long-term access to VMware vSphere and Windows environments, affecting government and IT networks. This article unpacks the attack chain, impacted sectors and critical defensive steps organizations should take now.
JPCERT confirms that attackers now actively exploit command injection flaws in Zyxel NAS326 and NAS542 devices. These end-of-life NAS units allow threat actors to run arbitrary commands, maintain persistence, and infiltrate internal networks, prompting urgent calls for device isolation and replacement.
The Iran-linked APT MuddyWater has resurfaced with a new, stealthy malware loader disguised as a retro Snake-style game. The loader delivers a memory-only backdoor to Israeli targets. This shift shows how APTs increasingly combine social-engineering and covert execution to bypass defenses.
A cyberattack on Crisis24’s OnSolve CodeRED platform disrupted emergency alerts for cities, counties, police and fire agencies across the U.S. The INC Ransom group claims responsibility, with stolen resident data, clear-text passwords and a rollback to older backups now forcing agencies to rebuild their notification capabilities and review credential hygiene.
A cyberattack on real-estate finance vendor SitusAMC has raised the risk that documents tied to major banks, including JPMorgan and Citi, may have been exposed. This analysis explains what we know so far, how attackers leverage third-party providers, and what banks and customers should do next.
Salesforce has flagged a significant incident where applications published by Gainsight enabled unauthorized access to customer data via OAuth tokens. This article breaks down what happened, why third-party integrations are the new attack surface, and how defenders can respond immediately.
Cloud Break research shows how attackers can silently take over IoT devices by impersonating them to cloud-managed firewalls and routers, abusing weak serial number–based identity and vendor control planes instead of firmware bugs. This article breaks down the attack path and maps practical defences for security teams running cloud-managed edge gear.
A public PoC exploit tool for CVE-2025-64446 now turns FortiWeb WAF appliances into high-value RCE targets. The bug uses a relative path traversal flaw to execute administrative commands over HTTP or HTTPS, and active exploitation in the wild, CISA KEV inclusion, and GitHub tooling mean security teams must urgently patch, lock down management access, and fold FortiWeb into their broader Fortinet and perimeter compromise playbooks.
Researchers uncovered serious AI bugs across Meta, Nvidia, Microsoft and open-source inference frameworks after tracking a ShadowMQ deserialization pattern built on ZeroMQ and Python pickle. At the same time, new research shows how Cursor’s AI IDE can be hijacked via rogue MCP servers, turning developer workstations into high-value malware delivery platforms if teams ignore AI supply-chain security.