Two British teenagers have pleaded not guilty to serious Computer Misuse Act charges over a 2024 cyberattack on Transport for London, an intrusion that disrupted digital services, exposed customer data and allegedly cost the authority about £39 million. Their case now sits at the intersection of teen cybercrime, critical-infrastructure risk and the UK’s toughest penalties for hacking.
Grafana Enterprise patched a critical CVSS 10.0 SCIM vulnerability, CVE-2025-41115, that allowed attackers to impersonate privileged users through numeric external IDs. Learn how the flaw worked, which versions were affected, and what steps security teams must take to secure Grafana deployments.
A China-aligned threat group known as PlushDaemon runs a Chinese APT router hijacking campaign that implants EdgeStepper on vulnerable routers, reroutes software-update traffic for popular Chinese-language applications and delivers the SlowStepper espionage toolkit through trusted update channels, turning routine network gear into an adversary-in-the-middle platform.
CVE-2025-61757 is a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager’s REST APIs that CISA now lists as actively exploited. By abusing a security filter bypass and a Groovy compilation endpoint, attackers can run arbitrary code on identity-tier servers over HTTP. This article explains the exploit chain, CISA’s KEV deadline and how Oracle shops should patch, monitor and lock down their Identity Manager deployments.
Salesforce has flagged a significant incident where applications published by Gainsight enabled unauthorized access to customer data via OAuth tokens. This article breaks down what happened, why third-party integrations are the new attack surface, and how defenders can respond immediately.
BadAudio gives APT24 a stealthy first-stage foothold in a long-running espionage campaign that focuses on Windows environments. The C++ downloader hides behind DLL search-order hijacking, control-flow obfuscation and AES-encrypted C2, while the group rotates between watering-hole attacks, supply-chain compromises and targeted spearphishing to deliver it. This article breaks down BadAudio’s loader behavior, APT24’s evolving tradecraft and the defensive steps that help security teams detect, contain and disrupt this PRC-nexus operation.
Matrix Push C2 is a browser-native command-and-control framework that hijacks web push notifications to deliver phishing prompts, brand-spoofed alerts and malware. By abusing legitimate notification flows, it turns a routine “Allow notifications” click into a persistent phishing channel that most security stacks barely monitor.
Within four weeks, AWS, Azure and Cloudflare all suffered major outages triggered by internal configuration and metadata failures rather than attacks. This article unpacks the Cloudflare–Azure–AWS outage pattern, examines how cloud centralisation amplifies these incidents and outlines realistic resilience moves for IT, SRE and security teams.
TamperedChef malware no longer hides only behind a rogue PDF editor. In its latest evolution, the campaign uses signed fake software installers, malvertising and SEO poisoning to deliver an obfuscated JavaScript backdoor via a dropped XML-scheduled task. Telemetry shows a strong footprint in the U.S. and heavy impact on healthcare, construction and manufacturing, where users often search online for product manuals and tools. This article unpacks the global infrastructure, shell-company certificates and execution chain so defenders can hunt and harden effectively.
Newly disclosed vulnerabilities in the Ollama framework allow attackers to execute arbitrary code by feeding the server malicious GGUF model files. This article explains how the mllama metadata parsing flaw works, why versions before 0.7.0 are at risk, and what AI security teams should do to harden their local LLM infrastructure against code execution attacks.