Latest Cybersecurity News and Articles


The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

10 October 2025
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not all AI SOC platforms are created equal. From prompt-dependent copilots to autonomous, multi-agent systems, the current market offers

85,000 Pet and Pet Owner Records Exposed

10 October 2025
More than 85,000 pet and pet owner records were exposed.

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

10 October 2025
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy

Juniper Networks Patches Critical Junos Space Vulnerabilities

10 October 2025
Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws. The post Juniper Networks Patches Critical Junos Space Vulnerabilities appeared first on SecurityWeek.

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities

10 October 2025
The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges. The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek.

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

10 October 2025
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and

Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date

10 October 2025
Apple has announced significant updates to its bug bounty program, including new categories and target flags. The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

10 October 2025
Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations. The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek.

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

10 October 2025
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

09 October 2025
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

09 October 2025
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

09 October 2025
SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks," the company said. It also noted that it's working to notify all

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

09 October 2025
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface. This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help

Realm.Security Raises $15 Million in Series A Funding

09 October 2025
The cybersecurity startup will use the investment to accelerate its product development and market expansion efforts. The post Realm.Security Raises $15 Million in Series A Funding appeared first on SecurityWeek.

SaaS Breaches Start with Tokens - What Security Teams Must Watch

09 October 2025
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called tokens. Tokens, like

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

09 October 2025
Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code. The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek.

Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

09 October 2025
The company said there is no evidence that confidential client data was stolen from its systems. The post Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day appeared first on SecurityWeek.

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

09 October 2025
Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said. "Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated

All SonicWall Cloud Backup Users Had Firewall Configurations Stolen

09 October 2025
In early September, hackers stole the firewall configuration backup files stored using the MySonicWall service. The post All SonicWall Cloud Backup Users Had Firewall Configurations Stolen appeared first on SecurityWeek.

Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach

09 October 2025
The hackers claim the theft of over 2 million photos of government identification documents provided to Discord for age verification. The post Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach appeared first on SecurityWeek.