Clop Exploits Oracle Zero-Day; CISA Catalogs Multiple Actively Exploited Flaws
Summary
This cybersecurity advisory for October 7, 2025, covers a critical period marked by the active exploitation of a zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite by the Clop ransomware group, prompting urgent international warnings. Concurrently, CISA has added several other flaws to its KEV catalog, including vulnerabilities in Microsoft Windows and Zimbra. Other major developments include a new extortion campaign by the 'Scattered Lapsus$ Hunters' collective targeting Salesforce customers, a critical RCE flaw in Redis, and Signal's threat to exit the EU over the proposed 'Chat Control' surveillance bill.
Today's New Articles
New 'Scattered Lapsus$ Hunters' Gang Extorts 39 Salesforce Customers on Leak Site
A new cybercriminal collective calling itself 'Scattered Lapsus$ Hunters' has emerged, claiming to be a merger of members from Scattered Spider, Lapsus$, and ShinyHunters. The group launched a dark web data leak site over the weekend of October 4-5, listing 39...
Signal Threatens to Exit EU Market if "Chat Control" Mass Surveillance Bill Passes
Meredith Whittaker, the president of the Signal Foundation, has declared that the encrypted messaging service will withdraw from the European Union if the controversial 'Chat Control' legislation is enacted. The proposed law, which faces a critical vote on Oct...
CISA Warns of Actively Exploited Windows Privilege Escalation Flaw (CVE-2021-43226)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-43226, a high-severity privilege escalation vulnerability in the Microsoft Windows Common Log File System (CLFS) Driver, to its Known Exploited Vulnerabilities (KEV) catalog. T...
Jaguar Land Rover Begins Phased Restart a Month After Crippling Cyberattack
On October 7, 2025, Jaguar Land Rover (JLR) announced it is beginning a phased restart of its manufacturing plants, more than a month after a major cyberattack on August 31 halted its global operations. The attack disrupted everything from production lines and...
CISA Adds Actively Exploited Zimbra XSS Zero-Day (CVE-2025-27915) to KEV Catalog
On October 7, 2025, CISA added CVE-2025-27915, a high-severity zero-day vulnerability in the Zimbra Collaboration Suite (ZCS), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is a stored cross-site scripting (XSS) issue in the ZCS Classic Web Cl...
AI Risk Disclosures Skyrocket Among S&P 500, Cybersecurity a Top Concern
A new report from The Conference Board, released on October 7, 2025, reveals a dramatic shift in corporate risk perception, with over 70% of S&P 500 companies now formally disclosing AI-related risks in their public filings. This is a massive jump from just 12...
Redis Patches Critical "RediShell" RCE Flaw (CVE-2025-49844) in Lua Sandbox
Redis has released patches for CVE-2025-49844, a critical use-after-free vulnerability nicknamed "RediShell" by the Wiz researchers who discovered it. The flaw, announced on October 7, 2025, allows an authenticated attacker to escape the Lua sandbox and achiev...
Digicloud Africa to Distribute Google's AI-Powered SecOps Platform Across Continent
Digicloud Africa, a major Google Cloud distributor, announced on October 6, 2025, that it has partnered with Google Security Operations. This collaboration will make Google's advanced, AI-driven cybersecurity solutions, including its cloud-native SIEM and SOAR...
Article Updates
CISA Warns of Widespread Flaws in Industrial Control Systems from Major Vendors
Update: CISA has issued specific advisories for vulnerabilities previously mentioned in a broader warning. Advisory ICSA-25-280-01 details flaws in Delta Electronics DIAScreen HMI software, potentially leading to remote code execution or denial of service. Additionall...
Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day in Mass Attack
Update: International cybersecurity agencies, including CISA and NCSC, have issued urgent warnings regarding the Clop ransomware group's active exploitation of CVE-2025-61882 in Oracle E-Business Suite. The vulnerability, now confirmed with a CVSS score of 9.8, has be...