-
An active in-the-wild exploitation of a zero-day vulnerability in Gladinet CentreStack and Triofox products. Tracked as CVE-2025-11371, the unauthenticated Local File Inclusion (LFI) flaw allows attackers to achieve remote code execution (RCE) on affected systems. The vulnerability is currently unpatched, but a mitigation has been provided. Organizations using the affected software are strongly urged to […] The post Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly observed information‐stealing campaign is deploying a stealthy variant of the SnakeKeylogger malware via weaponized e-mails that masquerade as legitimate remittance advice from CPA Global and Clarivate. Researchers first identified the infectio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape faces a new and significant threat as the notorious CL0P ransomware group has launched a large-scale extortion campaign targeting Oracle E-Business Suite (EBS) environments. Starting September 29, 2025, security researchers began tracking a sophisticated operation where threat actors claimed affiliation with the CL0P extortion brand and initiated a high-volume email campaign targeting […] The post Google Warns of CL0P Ransomware Group Actively Exploiting Oracle E-Business Suite Zero-Day appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a coordinated effort, international law enforcement agencies seized the clearnet domain breachforums[.]hn, shutting down yet another incarnation of the notorious cybercrime marketplace BreachForums. The domain now displays a joint seizure notice fro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Threat Intelligence is sounding the alarm on a surge of sophisticated “payroll pirate” attacks, in which financially motivated adversaries hijack employee accounts to reroute salary payments to attacker-controlled bank accounts. In the first …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
International law enforcement agencies have seized the latest clearnet domain of the notorious cybercrime marketplace, BreachForums. The domain, breachforums[.]hn, now displays a seizure notice from the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), alongside French authorities, including the Brigade de Lutte Contre la Cybercriminalité (BL2C) and the Parquet de Paris […] The post Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security researcher has uncovered a significant vulnerability in a widely used payment terminal that could enable attackers to gain full control of the device in under a minute. The affected model, the Worldline Yomani XR, is found in grocery stores,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A threat actor is claiming responsibility for a data breach at KFC’s Venezuela operations, offering for sale a database containing the personal and order information of more than one million customers. The sale was advertised on a dark web forum on Oct…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical vulnerabilities in 7-Zip’s handling of ZIP archives have emerged, enabling remote attackers to execute arbitrary code by exploiting directory traversal flaws. Both issues stem from improper processing of symbolic links within ZIP files, al…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
