Urgent WSUS Patch Mandated Amidst Wave of Zero-Day Exploits Targeting Oracle, Chrome, and AI Agents

"Shadow Escape" Zero-Click Attack Exploits AI Agents like ChatGPT to Silently Exfiltrate Data

A novel zero-click attack vector named "Shadow Escape" has been discovered by researchers at Operant, capable of silently exfiltrating sensitive data from popular AI agents like OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini. The attack exploits the Model Context Protocol (MCP) by embedding hidden malicious instructions within seemingly benign documents. This allows for the theft of personally identifiable information (PII) without any user interaction, bypassing traditional security tools and posing a significant threat to enterprises adopting agentic AI.

AI SecurityZero-ClickChatGPTGeminiClaude +3 more

"Shadow Escape": New Zero-Click Attack Steals Data from ChatGPT, Claude, and Gemini

Cyberattack

Cloud Security

Massive 70TB Data Leak at Tata Motors from Exposed AWS Keys

Tata Motors Data Leak Exposes 70TB of Sensitive Data Due to Misconfigured AWS Credentials

A colossal security failure at Tata Motors has resulted in the exposure of over 70 terabytes of sensitive corporate data, customer information, and infrastructure details. The breach, which was first identified in 2023, stemmed from multiple critical misconfigurations, including plaintext Amazon Web Services (AWS) access keys hardcoded on a customer-facing website. These credentials provided unrestricted access to numerous S3 buckets containing a vast trove of data, including customer PII and financial records.

Data LeakAWSS3 BucketMisconfigurationCloud Security +2 more

Massive 70TB Data Leak at Tata Motors from Exposed AWS Keys

Cloud Security

Policy and Compliance

New "Airstalk" Malware Abuses VMware API in Nation-State Supply Chain Attack

Suspected Nation-State Actor Deploys "Airstalk" Malware in Supply Chain Attack, Abusing VMware Workspace ONE API

A newly identified malware strain, "Airstalk," has been deployed in a sophisticated supply chain attack believed to be sponsored by a nation-state actor. The activity, tracked as the cluster CL-STA-1009, is notable for its novel command-and-control (C2) technique: it misuses the API of VMware's Workspace ONE Unified Endpoint Management (UEM), formerly AirWatch, to communicate covertly. The malware is also signed with a likely stolen digital certificate to evade detection, pointing to a well-resourced and stealthy adversary.

AirstalkSupply Chain AttackNation-StateVMwareWorkspace ONE +2 more

Supply Chain Attack

Malware

Threat Actor

Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security

MEDIUM

New "Herodotus" Android Banking Trojan Evades Detection by Mimicking Human Typing

A new Android banking trojan named Herodotus has emerged, offered as a Malware-as-a-Service (MaaS) by a threat actor known as 'K1R0'. The malware is notable for its novel evasion technique: it mimics human typing behavior by introducing random delays during remote control sessions. This method is specifically designed to defeat behavioral biometric security systems that analyze user interaction patterns to detect fraud. Active campaigns have been observed targeting banking and crypto app users in Italy and Brazil.

HerodotusAndroidMalwareBanking TrojanMaaS +2 more

4 min read

Malware

Mobile Security

Phishing

Chrome Zero-Day Exploited by "Mem3nt0 mori" APT to Deploy Spyware

CRITICAL

"Mem3nt0 mori" APT Exploits Chrome Zero-Day (CVE-2025-2783) in "Operation ForumTroll" Espionage Campaign

A critical zero-day vulnerability in Google Chrome, CVE-2025-2783, has been actively exploited in a targeted espionage campaign dubbed "Operation ForumTroll." The campaign, which began in March 2025, is attributed to the advanced persistent threat (APT) group known as "Mem3nt0 mori." The attackers used the exploit to deliver a sophisticated backdoor called LeetAgent, a spyware tool developed by the Italian vendor Memento Labs, primarily targeting organizations in Russia and Belarus.

ChromeZero-DayCVE-2025-2783APTMem3nt0 mori +3 more

Chrome Zero-Day Exploited by "Mem3nt0 mori" APT to Deploy Spyware

Vulnerability

Threat Actor

Cyberattack

Updated Articles (2)

Qantas Data Breach: 5.7M Customer Records Leaked in Salesforce Supply Chain Attack

Updated: October 29, 2025

Hacker Collective 'Scattered Lapsus$ Hunters' Leaks 5.7 Million Qantas Customer Records Following Ransom Demand

Update:

A new KnowBe4 report details the escalating threat from 'Scattered Spider' (UNC3944), the group involved in the Qantas breach. Their social engineering, vishing (up 449%), MFA fatigue, and deepfake audio tactics have led to hundreds of millions in losses for UK retailers like M&S and Harrods. This confirms the Qantas incident as part of a larger, highly impactful campaign, providing critical new context on the group's evolving methods and broader victim scope. Updated mitigation strategies emphasize phishing-resistant MFA and enhanced help desk verification.

October 12, 2025

7 min read

Data BreachSupply Chain AttackScattered Lapsus$ HuntersSalesforceQantas +3 more

Supply Chain Attack

Threat Actor

Clop Ransomware Breaches American Airlines Subsidiary Envoy Air, Exploiting Oracle EBS Flaw

Updated: October 29, 2025

Envoy Air, an American Airlines Subsidiary, Confirms Breach by Clop Ransomware in Oracle EBS Hacking Campaign

Update:

The Clop ransomware campaign exploiting Oracle E-Business Suite vulnerabilities has expanded, now attributed to the FIN11 threat group and confirmed to leverage a zero-day flaw. New high-profile victims include industrial giants Schneider Electric and Emerson, along with Harvard and Wits Universities. Attackers exfiltrated massive data volumes, including 2.7 terabytes from Emerson and 116 gigabytes from Schneider Electric, indicating a severe and widespread threat to critical infrastructure and supply chains. Envoy Air was also part of this broader zero-day campaign.

October 18, 2025

ClopRansomwareEnvoy AirAmerican AirlinesOracle +3 more

Ransomware