Oracle Identity Manager 0day

Oracle Identity Manager under fire — CISA sounds the alarm. CISA added a critical Oracle Identity Manager flaw to the Known Exploited Vulnerabilities (KEV) catalogue, citing live attacks. The issue (CVSS ~9.8) enables remote code execution and full takeover of identity infrastructure if left unpatched. Agencies must remediate by the KEV deadline; enterprises should treat […]


ShadowPad via WSUS

WSUS abused to drop ShadowPad — patch first, ask questions after. Threat actors are abusing a freshly patched WSUS flaw (CVE-2025-59287) to push ShadowPad malware and gain full SYSTEM access. Reports note attackers chaining living-off-the-land tools (PowerShell, certutil, curl) and DLL side-loading to land ShadowPad after initial WSUS abuse. Mitigation is straightforward: apply Microsoft’s out-of-band […]


ToddyCat's new tools

ToddyCat’s new party trick: stealing your tokens (and your Outlook). Security researchers say the APT “ToddyCat” has upgraded its toolkit to pinch Outlook mail and Microsoft 365 access tokens. Fresh modules — including TCSectorCopy and TomBerBil — are tuned to swipe browser cookies/credentials (Chrome/Edge) and lift mailbox data directly from disk, helping the group persist […]


Active Directory Under Siege

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security. The piece argues that Active Directory remains the crown-jewel target across enterprises and critical infrastructure. Complexity, legacy protocols and slow patch cycles (including a major 2025 privilege-escalation flaw) keep AD vulnerable. It recommends identity-first Zero Trust, privileged access tiering, hardening Kerberos/NTLM, rapid patching of domain […]


CISA Flags Critical WatchGuard Flaw

CISA Flags Critical WatchGuard Fireware Flaw (CVE-2025-9242). CISA added CVE-2025-9242 to its KEV catalogue, warning that 54,000+ WatchGuard Fireboxes are exposed. The flaw is an out-of-bounds write in the iked process that can enable unauthenticated remote code execution. Affected Fireware versions span 11.10.2–11.12.4_U1, 12.0–12.11.3 and 2025.1. WatchGuard patched in September; agencies and enterprises should update, […]


Chinese Hackers Use AI to Launch Automated Espionage

Chinese Hackers Use Anthropic’s AI to Launch Automated Espionage. Anthropic reports China-linked actors abused its AI (Claude) to run a largely automated cyber-espionage campaign against ~30 organisations in September 2025. Researchers say 80–90% of operations were automated, with AI assisting reconnaissance, exploitation and data handling. Some intrusions succeeded before detection and disruption. The incident spotlights […]


Iranian Hackers Launch Spy Operation

Iranian Hackers Launch ‘SpearSpecter’ Spy Operation (APT42). Iran-linked APT42 is running “SpearSpecter,” a spear-phishing and social-engineering campaign against high-value defence and government officials, sometimes extending to family members. Lures include conference invites and meeting requests. The operation uses personalised pretexts and custom tooling (e.g., TAMECAT) to gather credentials and maintain access. The Israel National Digital […]


Dragon Breath Uses RONINGLOADER

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT. Elastic observed the Dragon Breath group using RONINGLOADER, a multi-stage loader inside trojanised NSIS installers, to disable endpoint security (including Microsoft Defender via PPL/EDR-Freeze tricks) and deploy a modified Gh0st RAT. The loader kills AV processes, abuses drivers, tampers with firewalls, and side-loads […]


5 Reasons Attackers Are Phishing Over LinkedIn

5 Reasons Why Attackers Are Phishing Over LinkedIn. The Hacker News explains why phishing is booming on LinkedIn and other non-email channels. Attackers like LinkedIn because it bypasses email security, is cheap and scalable, enables convincing impersonation, and supports long-game social engineering with credible profiles and DMs. Metrics undercount the problem because most controls (and […]
