ransomNews
@ransomnews.online
• your go-to source for #ransomware news, insights, and analysis • home of #RedACT monthly threat report 🔗 ransomNews.online 💼 linkedin.com/company/ransomnews 🐈‍⬛ github.com/ransomNews 💿 rnws.online/YyZGM
ransomnews.online
⚠️ Severe Figma MCP vulnerability allows remote code execution

A command-injection flaw in Figma’s MCP server (CVE-2025-53967) lets attackers send crafted input to execute arbitrary shell commands.

👉🏻 fixed in version 0.6.3.

#ransomNews #figma #mcp
ransomnews.online
🚨 new #ransomware claim Italy 🚨

🏴‍☠️ group #Sinobi
🧬 Tecnomarket SNC | Rubiera (RE)
🎯 sector: furniture
🔗 tecnomarketrubiera.it
🗓️ 08 October 2025

📄 sample: -
▪️ exfiltrated data claimed: -
▪️ exfiltrated data published: 7.50GB
⏲️ deadline: -

#ransomNews #security #infosec
ransomnews.online
⚠️ New threat actor on the radar ⚠️

🥷🏻 KRYPTOS
🗓️ added on October 8

🥢 Overview
Kryptos Group portrays itself as a decentralized “council” of hackers with no leader or HQ. Their creed: encryption, balance, and disruption.

#ransomNews #security #infosec #newthreatactor
ransomnews.online
⚠️ Salesforce rejects ransom demand after data extortion

#Salesforce says it will not negotiate with or pay extortionists claiming they stole data from its customers.

ScatteredLapsus$Hunters target client systems, not the core Salesforce platform.

#ransomNews #dataextortion #cloudsecurity
ransomnews.online
⚠️ Critical Redis flaw endangers 60 000 servers

A 13-year-old use-after-free bug (CVE-2025-49844) in Redis’s Lua engine may allow authenticated users to execute arbitrary code. 330K #Redis instances are internet-exposed, 60 000 lack auth.

👉🏻 patch urgently.

#ransomNews #redis #vulnerability
ransomnews.online
🚨 Kuwait Public Works Ministry suffers major breach

A threat actor claims to have exfiltrated “massive” data from Kuwait’s Ministry of Public Works (MPW), listing sensitive internal records for sale. Target includes PII, project files, and infrastructure data.

#ransomNews #Kuwait
ransomnews.online
⚠️ Microsoft warns of critical GoAnywhere flaw under attack

A zero-day in Fortra’s GoAnywhere MFT (CVE-2024-0204) is being actively exploited to steal data and deploy ransomware. Microsoft links the activity to Lace Tempest, known for CL0P ransomware.

👉🏻 patch immediately.

#ransomNews #GoAnywhere
ransomnews.online
⚠️ The click isn’t “Join meeting”, it’s Join compromise

That “urgent meeting” in your inbox?
Might be carrying a #payload.

Attackers are now hiding base64 HTML code inside .ics files, using client quirks to slip past filters.

#CyberSecurity #Phishing #Infosec #RedTeam #BlueTeam
#PacketHunters - HTML smuggling in Calendar invites (aka the .ics you didn’t inspect) - Baited
What looks like a harmless calendar invite can be a hidden delivery system. Attackers are now embedding base64-encoded HTML payloads inside .ics files — turning “urgent meeting” requests into stealth…
blog.baited.io
ransomnews.online
⚠️ Unity patches critical vulnerability affecting Android, Windows & Linux

A flaw in the #Unity engine allowed malicious code execution through crafted asset bundles. Attackers could exploit games or apps using unpatched Unity versions.

👉🏻 developers urged to update to latest release.

#ransomNews
ransomnews.online
⚠️ Yurei ransomware emerges with new stealth features

A fresh Yurei variant targets Windows systems, using Go-based payloads, DLL side-loading, and encrypted configs. It disables recovery, deletes backups, and spreads laterally, combining #ransomware and espionage tactics.

#ransomNews #Yurei
ransomnews.online
🚨 Hackers extort Salesforce after mass customer data theft

SSLSH breached #Salesforce by exploiting permissions flaws, stole customer data from dozens of clients, and is now extorting both Salesforce and affected customers.

#ransomNews #SalesforceHack #DataExtortion
ransomnews.online
⚠️ Oracle patches critical CVE-2025-61882 in WebLogic quickly

#Oracle released fixes addressing a high-severity WebLogic vulnerability (CVE-2025-61882) that could enable remote attackers to execute code.

👉🏻 users urged to apply updates immediately to avoid exposure.

#ransomNews #OraclePatch
ransomnews.online
🚨 UPDATE Red Hat

Scattered LAPSUS$ Hunters claimed multiple TBs have been exfiltrated from the RH repo theft.

Deadline is 5 days starting today, on October 10.

#ransomNews #RedHat
ransomnews.online
🚨 UPDATE: Red Hat confirms GitLab hack and data theft

Attackers breached Red Hat’s GitLab instance and stole source code, internal docs and possibly credentials. The company discloses ongoing investigation and steps to mitigate damage.

#ransomNews #RedHatHack #GitLabBreach
ransomNews (@ransomnews.online)
🚨 Red Hat confirms breach after GitHub repos stolen Attackers gained access to Red Hat #GitHub and stole multiple internal repositories. The exposed code includes software, APIs, and documentation.…
bsky.app
ransomnews.online
⚠️ Digital scam trends shaping 2025

Texts and messaging are the top scam vectors (especially among younger users). Passkey adoption grows (33% of MFA users), but trust in privacy erodes: only 48% believe their data isn’t being shared without consent.

#ransomNews #DigitalScams2025 #Passkeys
Passkeys rise, but scams still hit hard in 2025 - Help Net Security
Digital scam trends 2025 reveal rising text-based scams, growing passkey adoption, and ongoing racial disparities in scam losses.
www.helpnetsecurity.com
ransomnews.online
KillSec 4.0 and the clock ticks..
ransomnews.online
They don't deserve to be on any social platform.
ransomnews.online
⚠️ WarmCookie resurfaces with stealth handlers

Malware reappears after takedown; new variant adds stealthy handlers and uses expired C2 TLS certificates to evade detection, strengthen persistence, and complicate tracking.

#ransomNews #WarmCookie #Malware
ransomnews.online
⚠️ Rhadamanthys info-stealer resurfaces as MaaS

Sold on underground marketplaces; modular infostealer that steals browser creds, crypto wallets, tokens and files. Delivered via phishing/ClickFix/mshta and malicious installers; rapid feature updates (AI OCR).

#ransomNews #Rhadamanthys #InfoStealer
ransomnews.online
⚠️ GhostSocks malware-as-a-service offering proxy access

Commercial MaaS selling builders, admin panels and SOCKS proxy/backdoor features to buyers, used to anonymize access, enable lateral movement and resell compromised access; marketed on underground forums with subscription tiers.

#ransomNews
ransomnews.online
⚠️ Israeli hospital hit: patient record leak feared

Assaf Harofeh medical center was attacked during Yom Kippur. The medical records system used across Israeli hospitals was disrupted.

A Russian-speaking group (alleged Qilin) demanded $700k and threatened to publish patient data.

#ransomNews
ransomnews.online
🚨 UPDATE: Oracle confirms extortion campaign over E-Business Suite

Hackers at CL0P claim to have stolen sensitive data from Oracle EBS and have sent extortion emails to executives. The attackers point to unpatched vulnerabilities and leaked infrastructure info.

#ransomNews #OracleBreach #Extortion
ransomNews (@ransomnews.online)
🚨 CL0P gang claims breach of Oracle E-Business Suite Extortion emails from CL0P threaten to publish supposed data from Oracle EBS customers. They demand ransom tied to “FILE SOCIETY” data leaks.…
bsky.app
ransomnews.online
🚨 Splunk: six critical flaws in Enterprise & Cloud

The newly revealed issues include cross-site scripting (XSS) in multiple endpoints and an unauthenticated blind SSRF (CVE-2025-20371). Attackers may exploit them to run malicious JavaScript, leak data, or coerce REST API calls via PU.
ransomNews (@ransomnews.online)
⚠️ Splunk Enterprise: patch now Critical RCE & auth-bypass let attackers run code and steal data. 👉🏻 patch now, restrict network access, rotate creds, monitor logs. #ransomNews #Splunk #RCE
bsky.app
ransomnews.online
⚠️ Hackers retract stolen child data amid backlash

After leaking sensitive child data, a hacking group pulled it offline following widespread outcry. The move appears to be PR-driven damage control rather than a tech failure.

#ransomNews #ChildData #Hacktivism