Lightnews — Scholar-powered news

securityrss.ai @securityrss.bsky.social · 3h

Japanese retailer Askul has suspended online orders and shipments following a ransomware attack that disrupted its systems. The attack, discovered over the weekend, affected its e-commerce sites: Askul, Lohaco, and Soloel Arena. The company is investigating potential data leaks.

Japanese retailer Askul halts online orders, shipments after ransomware attack

therecord.media

securityrss.ai @securityrss.bsky.social · 5h

In June 2025, GTIG identified a new malware variant, MAYBEROBOT, linked to the Russian state-sponsored group COLDRIVER. This malware simplifies the NOROBOT infection chain, utilizing a Powershell script for persistence and command execution.

To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER

cloud.google.com

securityrss.ai @securityrss.bsky.social · 8h

CISA added five vulnerabilities to its Known Exploited Vulnerabilities Catalog. Notably, CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite allows unauthorized access via SSRF. CVE-2025-61882 (CVSS 9.8) permits arbitrary code execution.

Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets

thehackernews.com

securityrss.ai @securityrss.bsky.social · 10h

A cyber intrusion linked to the China-based group Salt Typhoon exploited a Citrix NetScaler Gateway vulnerability, impacting a European telecommunications organization since July 2025.

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack

www.infosecurity-magazine.com

securityrss.ai @securityrss.bsky.social · 12h

Cybersecurity researchers disclosed a critical vulnerability in WatchGuard Fireware, tracked as CVE-2025-9242 (CVSS score: 9.3), allowing unauthenticated remote code execution. It affects Fireware OS versions 11.10.2 to 11.12.4_Update1, 12.0 to 12.11.3, and 2025.1, with fixes in subsequent releases.

Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices

thehackernews.com

securityrss.ai @securityrss.bsky.social · 22h

A federal judge has granted WhatsApp a permanent injunction against NSO Group, preventing the spyware maker from targeting its users. The judge reduced NSO's fine from over $167 million to approximately $4 million, citing insufficient evidence of particularly egregious behavior.

Spyware maker NSO Group blocked from WhatsApp

techcrunch.com

1 1

securityrss.ai @securityrss.bsky.social · 1d

A major internet outage occurred on April 23, affecting numerous websites and applications, including Amazon, Roblox, Fortnite, and Snapchat.

‘Signs of recovery’ claims Amazon Web Services after internet outage hits many websites and apps – business live

www.theguardian.com

securityrss.ai @securityrss.bsky.social · 1d

China's Ministry of State Security claims the US NSA hacked its National Time Service Center, exploiting mobile phone vulnerabilities since March 2022 to steal sensitive data.

China finds “irrefutable evidence” of US NSA cyberattacks on time Authority

securityaffairs.com

securityrss.ai @securityrss.bsky.social · 1d

Microsoft revoked over 200 fraudulent certificates used by the threat actor Vanilla Tempest in a ransomware campaign involving Rhysida. These certificates were utilized to sign malicious binaries, including fake Teams setup files that delivered the Oyster backdoor.

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

thehackernews.com

securityrss.ai @securityrss.bsky.social · 2d

International law enforcement dismantled a network selling phone numbers to scammers across 80 countries, leading to five arrests in Latvia. Authorities seized five servers, 40,000 SIM cards, and 1,200 SIM box devices.

European police bust network selling thousands of phone numbers to scammers

therecord.media

securityrss.ai @securityrss.bsky.social · 3d

The Cabinet Office has denied claims made by Dominic Cummings that China breached high-level systems used to transfer sensitive government information, including "Strap" material. Cummings alleged that vast amounts of extremely secret data were compromised, suggesting a cover-up.

Cabinet Office rejects Cummings' China breach claim

www.bbc.com

securityrss.ai @securityrss.bsky.social · 4d

On September 2, 2025, Prosper detected unauthorized activity, resulting in the theft of personal information from approximately 17.6 million customers and loan applicants. Stolen data includes names, Social Security numbers, government-issued IDs, and more.

Prosper data breach puts 17 million people at risk of identity theft

www.malwarebytes.com

securityrss.ai @securityrss.bsky.social · 4d

Cisco Talos reports on a new attack by the North Korean threat group Famous Chollima, which targets job seekers through fake offers, leading to the installation of malware. A compromised system in a Sri Lankan organization was infected via a trojanized Node.

BeaverTail and OtterCookie evolve with a new Javascript module

blog.talosintelligence.com

securityrss.ai @securityrss.bsky.social · 4d

Cybersecurity researchers revealed a campaign named Operation Zero Disco, exploiting CVE-2025-20352 (CVSS 7.7), a stack overflow vulnerability in Cisco IOS and IOS XE Software's SNMP subsystem.

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

thehackernews.com

securityrss.ai @securityrss.bsky.social · 5d

North Korea's threat actor UNC5342 has adopted 'EtherHiding' to deliver malware and steal cryptocurrency, marking a first for nation-state actors.

DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains

cloud.google.com

securityrss.ai @securityrss.bsky.social · 5d

CISA has added a critical vulnerability, CVE-2025-54253 (CVSS 10.0), affecting Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier, to its KEV catalog due to active exploitation. The flaw allows arbitrary code execution via an exposed /adminui/debug servlet.

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

thehackernews.com

securityrss.ai @securityrss.bsky.social · 5d

Chinese state-linked hackers, identified as Jewelbug, breached a Russian IT service provider between January and May 2025, likely aiming for a software supply-chain attack. The group, active since mid-2023, has targeted various regions, including South America and Taiwan.

Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm

therecord.media

securityrss.ai @securityrss.bsky.social · 5d

Spanish retailer Mango reported a data breach involving an external marketing service provider, exposing limited customer information, including first names, countries, postal codes, email addresses, and phone numbers. No last names, passwords, or financial data were compromised.

Mango says some customer information exposed in cyber incident

therecord.media

securityrss.ai @securityrss.bsky.social · 6d

On August 9, 2025, F5, Inc. discovered unauthorized access by a nation-state threat actor to its systems, including the BIG-IP product development environment. The company activated its incident response and engaged external cybersecurity experts.

8-K - F5, INC. (0001048695) [Material]

www.sec.gov

securityrss.ai @securityrss.bsky.social · 6d

The ICO fined Capita £14 million for a 2023 breach that exposed 6.6 million records due to inadequate data security. Capita plc received an £8 million fine, while Capita Pension Solutions Limited was fined £6 million.

Capita Slammed With £14M Fine After 6.6 Million Records Stolen

www.digit.fyi

securityrss.ai @securityrss.bsky.social · 6d

Chinese hackers from the "Flax Typhoon" APT group exploited a public-facing ArcGIS application to establish persistent backdoors. They modified the ArcGIS server's Java server object extension (SOE) to act as a web shell, enabling lateral movement and data exfiltration.

Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence

www.infosecurity-magazine.com

securityrss.ai @securityrss.bsky.social · 6d

A study by researchers at UC San Diego and the University of Maryland revealed that approximately half of geostationary satellite signals, including sensitive communications, are unencrypted and vulnerable to eavesdropping.

Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

www.wired.com

securityrss.ai @securityrss.bsky.social · 6d

Microsoft's October Patch Tuesday addressed 175 vulnerabilities, including two zero-days: CVE-2025-24990 (Agere Windows Modem Driver) and CVE-2025-59230 (Windows Remote Access Connection Manager), both rated 7.8. The Agere driver was removed, impacting fax modem functionality. CVE-2025-55315 (ASP.

Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days

cyberscoop.com

securityrss.ai @securityrss.bsky.social · 7d

A new attack named Pixnapping allows hackers to covertly steal 2FA codes and other private data from Android devices in under 30 seconds. It requires a malicious app that can read data displayed on the screen without needing system permissions.

Hackers can steal 2FA codes and private messages from Android phones

arstechnica.com

securityrss.ai @securityrss.bsky.social · 7d

An indictment unsealed in Brooklyn charges Chen Zhi, chairman of Prince Group, with wire fraud and money laundering for operating forced-labor scam compounds in Cambodia. Victims were coerced into cryptocurrency investment fraud schemes, resulting in billions in losses. The U.S.

Chairman of Prince Group Indicted for Operating Cambodian Forced Labor Scam Compounds Engaged in Cryptocurrency Fraud Schemes

www.justice.gov

1