A recent cyber campaign used a spoofed Microsoft Teams installer to deploy the Oyster backdoor, leveraging poisoned search results and short-lived code-signing certificates. Hackers spoof Teams app pages to trick users into downloading what appears to be legitimate software but is in fact malware. The installer, signed by “KUTTANADAN CREATIONS INC.,” evaded detection due to […]
Security researchers at Noma Labs uncovered a critical vulnerability, dubbed ForcedLeak, in Salesforce Agentforce that allows attackers to exfiltrate sensitive CRM data through indirect prompt injection. The flaw, rated CVSS 9.4, specifically affects organizations using Agentforce with Web-to-Lead functionality enabled. Exploiting gaps in context validation and AI behavior, adversaries can embed malicious instructions in web […]
European regulators have launched a formal investigation into SAP’s aftermarket services for its on-premise enterprise resource planning (ERP) software. The EU probes SAP over whether its practices may restrict competition by limiting customer choices in ERP support services. The European Commission aims to determine if SAP’s conduct violates antitrust rules by tying customers to its […]
Dutch authorities have arrested two teenagers suspected of intercepting wireless network traffic on behalf of Russian operatives. The suspects, identified only as minors, allegedly engaged in Wi-Fi sniffing activities targeting sensitive communications. Investigators believe the Dutch teens caught in WiFinaturally participated in a broader espionage campaign linked to Russian intelligence interests. The case has raised […]
A lithium-ion battery explosion ignited a fire at the National Information Resources Service facility in Daejeon, triggering a major South Korea data fire that disabled more than 600 government websites. The blaze, which began Friday evening during battery relocation work, caused a thermal runaway that burned for nearly 10 hours and forced authorities to shut […]
A newly developed proof-of-concept known as the EDR-Freeze tool exploits Windows functionality by leveraging the Windows Error Reporting (WER) system to suspend security software directly from user mode. This technique raises concerns about the ability of threat actors to bypass endpoint detection and response (EDR) systems without requiring administrative privileges. The EDR-Freeze tool exploits Windows […]
Threat actors have increasingly exploited Oracle Scheduler to breach corporate networks by abusing its External Jobs feature. Recent incidents show attackers executing system-level commands through extjobo.exe, gaining unauthorized access even in segmented environments. Researchers observed adversaries initiating attacks by scanning for exposed Oracle listener ports and exploiting misconfigured or default credentials. Once inside, Oracle Scheduler […]
A malicious update disguised as a routine BlockBlasters Steam patch has exposed hundreds of users to a data-stealing malware campaign. The infected update, released on August 30, 2025, targeted players of the 2D platformer developed by Genesis Interactive, turning a trusted download into a vehicle for cyber intrusion. Security analysts at G Data discovered the […]
Cybercriminals have begun deploying AsyncRAT hides in malicious SVGs that mimic legitimate web portals, security researchers report. These Scalable Vector Graphics files are crafted to appear authentic while avoiding detection, as they do not require connections to external websites to function. The deceptive SVGs leverage embedded scripts to initiate the download and execution of the […]
A ransomware attack disrupted operations at several major European airports over the weekend, causing widespread delays and confusion for travelers. The Ransomware Attack Disrupts Majornaturally check-in and boarding systems, leaving airlines and passengers grappling with significant service interruptions. Security teams moved quickly to isolate affected networks and begin recovery efforts. Authorities confirmed that the cyberattack […]
Britain’s Secret Intelligence Service, MI6, has launched a new recruitment initiative by creating a secure portal on the dark web. The move, described as a way to simplify communication for potential agents, marks a significant shift in how the agency engages with candidates. MI6 launches dark web access to offer anonymity and protection for those […]
European Digital Rights (EDRi) and its coalition partners from Resist Europol have submitted a critical response to the European Commission’s recent call for evidence on potential reforms to Europol’s mandate. In their submission, EDRi blasts Europol power, warning that expanding the agency’s authority could threaten fundamental rights and digital freedoms across the European Union. The […]