Latest Cybersecurity News and Articles

---

Hackers Extorting Salesforce After Stealing Data From Dozens of Customers

Salesforce says the extortion attempts are related to past or unsubstantiated incidents, and not to fresh intrusions. The post Hackers Extorting Salesforce After Stealing Data From Dozens of Customers appeared first on SecurityWeek.

---

Data Breach at Doctors Imaging Group Impacts 171,000 People

Doctors Imaging Group is informing customers about a cybersecurity incident nearly a year after it occurred.  The post Data Breach at Doctors Imaging Group Impacts 171,000 People appeared first on SecurityWeek.

---

$4.5 Million Offered in New Cloud Hacking Competition

Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition. The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek.

---

Active exploitation of vulnerability affecting Oracle E-Business Suite

The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-61882) affecting Oracle E-Business Suite.

---

Beer Giant Asahi Says Data Stolen in Ransomware Attack

The brewing giant has reverted to manual order processing and shipment as operations at its Japanese subsidiaries are disrupted. The post Beer Giant Asahi Says Data Stolen in Ransomware Attack appeared first on SecurityWeek.

---

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks

Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882. The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.

---

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,

---

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle

---

Cyber Risks Can Be Legal Risks: How to Protect the Organization

Attorneys share their insights about the legal considerations organizations should be aware of when it comes to AI, third party relationships and BYOD policies.

---

Six out of 10 UK secondary schools hit by cyber-attack or breach in past year

Hackers are more likely to target educational institutions than private businesses, government survey showsWhen hackers attacked UK nurseries last month and published children’s data online, they were accused of hitting a new low.But the broader education sector is well used to being a target. Continue reading...

---

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the

---

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and aimed

---

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when

---

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. "Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it became clear that the author had a

---

In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach

Other noteworthy stories that might have slipped under the radar: cybercriminals offer money to BBC journalist, LinkedIn user data will train AI, Tile tracker vulnerabilities. The post In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach appeared first on SecurityWeek.

---

Oneleet Raises $33 Million for Security Compliance Platform

The cybersecurity startup will expand its engineering team, add more AI capabilities, and invest in go-to-market efforts. The post Oneleet Raises $33 Million for Security Compliance Platform appeared first on SecurityWeek.

---

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is "engineered for speed and propagation" rather than data theft or ransomware. "SORVEPOTEL has been observed to

---

Unauthenticated RCE Flaw Patched in DrayTek Routers

The security defect can be exploited remotely via crafted HTTP/S requests to a vulnerable device’s web user interface. The post Unauthenticated RCE Flaw Patched in DrayTek Routers appeared first on SecurityWeek.

---

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting

---

Organizations Warned of Exploited Meteobridge Vulnerability

Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek.