Grafana CVSS 10 SCIM flaw

Grafana CVSS 10.0 SCIM flaw. Grafana fixed a CVSS 10.0 vulnerability in SCIM (Enterprise editions) that could let attackers sign in as admin. The bug was discovered internally on 4 Nov 2025; patches followed quickly. Grafana Cloud wasn’t affected. Admins should upgrade to the fixed versions immediately and review access logs for suspicious logins. This […]

Oracle Identity Manager 0day

Oracle Identity Manager under fire — CISA sounds the alarm. CISA added a critical Oracle Identity Manager flaw to the Known Exploited Vulnerabilities (KEV) catalogue, citing live attacks. The issue (CVSS ~9.8) enables remote code execution and full takeover of identity infrastructure if left unpatched. Agencies must remediate by the KEV deadline; enterprises should treat […]

ShadowPad via WSUS

WSUS abused to drop ShadowPad — patch first, ask questions after. Threat actors are abusing a freshly patched WSUS flaw (CVE-2025-59287) to push ShadowPad malware and gain full SYSTEM access. Reports note attackers chaining living-off-the-land tools (PowerShell, certutil, curl) and DLL side-loading to land ShadowPad after initial WSUS abuse. Mitigation is straightforward: apply Microsoft’s out-of-band […]

ToddyCat’s new tools

ToddyCat’s new party trick: stealing your tokens (and your Outlook). Security researchers say the APT “ToddyCat” has upgraded its toolkit to pinch Outlook mail and Microsoft 365 access tokens. Fresh modules — including TCSectorCopy and TomBerBil — are tuned to swipe browser cookies/credentials (Chrome/Edge) and lift mailbox data directly from disk, helping the group persist […]

Active Directory Under Siege

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security. The piece argues that Active Directory remains the crown-jewel target across enterprises and critical infrastructure. Complexity, legacy protocols and slow patch cycles (including a major 2025 privilege-escalation flaw) keep AD vulnerable. It recommends identity-first Zero Trust, privileged access tiering, hardening Kerberos/NTLM, rapid patching of domain […]

CISA Flags Critical WatchGuard Flaw

CISA Flags Critical WatchGuard Fireware Flaw (CVE-2025-9242). CISA added CVE-2025-9242 to its KEV catalogue, warning that 54,000+ WatchGuard Fireboxes are exposed. The flaw is an out-of-bounds write in the iked process that can enable unauthenticated remote code execution. Affected Fireware versions span 11.10.2–11.12.4_U1, 12.0–12.11.3 and 2025.1. WatchGuard patched in September; agencies and enterprises should update, […]

Chinese Hackers Use AI to Launch Automated Espionage

Chinese Hackers Use Anthropic’s AI to Launch Automated Espionage. Anthropic reports China-linked actors abused its AI (Claude) to run a largely automated cyber-espionage campaign against ~30 organisations in September 2025. Researchers say 80–90% of operations were automated, with AI assisting reconnaissance, exploitation and data handling. Some intrusions succeeded before detection and disruption. The incident spotlights […]

Iranian Hackers Launch Spy Operation

Iranian Hackers Launch ‘SpearSpecter’ Spy Operation (APT42). Iran-linked APT42 is running “SpearSpecter,” a spear-phishing and social-engineering campaign against high-value defence and government officials, sometimes extending to family members. Lures include conference invites and meeting requests. The operation uses personalised pretexts and custom tooling (e.g., TAMECAT) to gather credentials and maintain access. The Israel National Digital […]

Dragon Breath Uses RONINGLOADER

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT. Elastic observed the Dragon Breath group using RONINGLOADER, a multi-stage loader inside trojanised NSIS installers, to disable endpoint security (including Microsoft Defender via PPL/EDR-Freeze tricks) and deploy a modified Gh0st RAT. The loader kills AV processes, abuses drivers, tampers with firewalls, and side-loads […]