Security researchers discovered a critical vulnerability in Oracle E-Business Suite (EBS) that enables privilege escalation across enterprise systems. The flaw, tracked under CVE-2025-31245, could allow attackers to execute administrative actions without proper authorization if left unpatched.
BADCANDY continues to compromise exposed Cisco IOS XE devices via CVE-2023-20198. Close the web UI exposure, patch now, rotate credentials, and verify eradication.
North Korea–linked hackers now embed JavaScript malware in blockchain smart contracts via EtherHiding. This stealthy method turns public blockchains into resilient drop zones. The multi-stage campaign includes JADESNOW and InvisibleFerret backdoors, demanding new defense strategies.
Microsoft’s emergency out-of-band update (KB5070773) fixes a USB input failure in the Windows Recovery Environment that impacted Windows 11 and Server 2025 devices. This article explains the bug, affected platforms, and recommended actions for IT professionals.
NGAV (next-gen antivirus) focuses on stopping malware and exploits with AI and behavior analysis. EDR adds continuous visibility, investigation, and one-click response when prevention misses. For most SMEs, start with a strong NGAV baseline and move to EDR as soon as you can support alerts and response especially if ransomware or hands-on-keyboard attacks worry you. …
LandFall is a commercial-grade Android spyware that weaponized WhatsApp images to exploit a Samsung zero-day in the image pipeline. The payload rode malformed DNG files, then modified SELinux and deployed modules for full-device surveillance. Patch promptly and restrict media auto-download.
Detour Dog has transitioned into DNS-powered malware operations. Its latest campaign distributes Strela Stealer through TXT-encoded commands and modular backdoors. This evolution marks a new wave of protocol abuse challenging traditional network defense.
An engineering-consultant firm supporting Ireland’s defective-block grant scheme suffered a breach that may have exposed homeowner personal data. This article explains the incident, the risks and the lessons cybersecurity teams must apply.
Despite enabling safety filters, child accounts on TikTok have received explicit content suggestions via search. This investigation reveals algorithmic failures and urges stronger oversight for youth protection.
Criminal crews deploy legitimate RMM tools inside carriers and brokers, then hijack booking and dispatch to steal real freight. This body explains how access lands, which artifacts reveal the intrusion, and what controls stop RMM-driven cargo theft without breaking logistics operations or delaying shipments.