Cl0p Exploits Oracle Zero-Day in Massive Extortion Spree; SonicWall Breach Hits All Cloud Backup Users
Summary
This cybersecurity brief for October 10, 2025, covers a critical period marked by high-impact zero-day exploitation and significant data breaches. A Cl0p-affiliated group has been exploiting an Oracle E-Business Suite zero-day (CVE-2025-61882) for months, leading to an FBI warning. Concurrently, SonicWall admitted a breach impacted all cloud backup customers, exposing firewall configurations. Other major incidents include the 'CamoLeak' flaw in GitHub Copilot allowing code exfiltration, a supply chain breach at crypto platform Shuffle.com, and the emergence of new ransomware and APT groups.
Today's New Articles
GitHub Patches 'CamoLeak' Flaw in Copilot That Allowed Silent Code and Secret Exfiltration
A critical vulnerability, dubbed 'CamoLeak,' has been discovered and patched in **[GitHub Copilot Chat](https://github.com/features/copilot)**. The flaw, rated 9.6 CVSS by researcher Omer Mayraz of Legit Security, allowed attackers to silently steal private so...
Crypto Platform Shuffle.com Discloses Major Data Breach via Third-Party CRM Provider
Crypto betting platform **[Shuffle.com](https://shuffle.com/)** has confirmed a significant data breach affecting a majority of its users. The incident occurred not on Shuffle's own systems, but at its third-party CRM provider, **Fast Track**. On October 10, S...
New 'White Lock' Ransomware Emerges, Demanding 4 Bitcoin and Threatening Data Leaks
A new ransomware strain named **White Lock** has been identified by cybersecurity researchers. Operating as a double-extortion threat, the malware first exfiltrates sensitive data before encrypting files on the victim's Windows system, appending the `.fbin` ex...
Humiliation for Pro-Russian Hackers 'TwoNet' After Attacking Decoy Water Utility Honeypot
The pro-Russian hacktivist group **TwoNet** has been publicly embarrassed after cybersecurity firm **[Forescout](https://www.forescout.com/)** revealed the group was duped into attacking a sophisticated decoy system. In September, TwoNet boasted on Telegram ab...
US Cyber Threat Sharing Law 'CISA 2015' Expires, Creating Potential Intelligence Gap
The Cybersecurity Information Sharing Act of 2015 (CISA 2015), a foundational U.S. law that provided liability protections to encourage private companies to share cyber threat data with the government, expired on October 1, 2025. Amidst a government shutdown a...
New Chinese APT 'Phantom Taurus' Targets Global Geopolitical Intel with 'NET-STAR' Malware
A newly designated, sophisticated threat group aligned with China, named **Phantom Taurus**, has been identified conducting long-term cyber-espionage campaigns. Active for over two years, the group targets government, military, and telecommunications organizat...
Killsec Ransomware Claims Attack on Indonesian FinTech WalletKu, Threatens to Leak KYC Data
The **Killsec** ransomware group has claimed responsibility for an attack on **WalletKu Indompet Indonesia**, a financial technology firm based in Jakarta. WalletKu provides a digital payment application primarily for micro, small, and medium enterprises. Acco...
'Datzbro' Android Trojan Targets Seniors in Global AI-Powered Facebook Scam
A global malicious campaign is using AI-generated content to create fake **[Facebook](https://www.facebook.com/)** groups that target seniors. The campaign, detailed in a CYFIRMA report, sets up convincing-looking communities for social events to lure victims...
Article Updates
Cl0p Gang Exploits Oracle EBS Zero-Day in Massive Data Theft Spree
Update: The FBI has issued an emergency warning regarding the Cl0p campaign exploiting CVE-2025-61882 in Oracle EBS, with Harvard University confirmed as a victim. New intelligence from Google and Mandiant reveals the use of a sophisticated, fileless malware suite inc...