• Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first

  • Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to

  • From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

  • Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. “This activity began on or

  • Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren’t the alerts that can be dismissed quickly, but the ones that hide

  • Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware

  • An extortion group known as the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, making off with nearly 570GB of compressed data from 28,000 internal repositories.

    This data theft is being regarded as one of the most significant breaches in technology history, involving the unauthorized extraction of source code and sensitive confidential information.

    The stolen repositories allegedly reference thousands of organizations across multiple industries, including major banks, telecoms, airlines, and public-sector institutions. Notable names mentioned within the reportedly compromised repository tree include Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even the U.S. Senate.

    The range of referenced clients underscores the potential scale and downstream risk for critical supply chains worldwide—if the breach claims are accurate.

    Sensitive Credentials and Configuration Data Exposed

    What makes the Crimson Collective’s allegations especially alarming is the nature of the leaked content.

    Initial reviews suggest that the stolen data includes a substantial trove of credentials, CI/CD secrets, pipeline configuration files, VPN connection profiles, infrastructure blueprints, inventories, Ansible playbooks, OpenShift deployment guides, CI/CD runner instructions, container registry configurations, Vault integration secrets, backup files, and exported GitHub/GitLab configuration templates.

    The leak’s inventory reveals both operational and architectural information that adversaries could exploit for secondary infiltrations or extortion attempts.

    Security professionals warn that exposed credentials and infrastructure details can rapidly escalate from technical nuisance to existential business risk, especially for organizations relying heavily on automated DevOps and Infrastructure-as-Code (IaC) paradigms.

    Red Hat is not alone in facing the risk of credentials or config files appearing in unexpected code repositories.

    Recent security research has highlighted the perils of Shadow IT, where personal or side project repositories by employees accidentally expose sensitive enterprise secrets, sometimes granting privileged access to internal corporate containers or cloud infrastructure.

    Such exposure can lead to systemic risks beyond the original organization, impacting downstream users and partners.

    This breach appears to be a potent illustration of multi-level supply-chain risk: attack paths may traverse CI/CD systems, container registries (such as Quay), automation playbooks, and public/private configuration backups, multiplying impact vectors for both Red Hat and its customers.

    Red Hat has not yet made a public statement confirming or denying any connections to their own infrastructure.

    The Crimson Collective’s claims and their potential for industry-wide ripple effects continue to unfold. All eyes remain on Red Hat, its customers, and the global supply chain as investigators race to contain what may be one of the broadest source code exposures on record.

    The post Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories appeared first on Cyber Security News.

  • Three critical security flaws were discovered in firmware version V9.4.0cu.1360_B20241207 of the TOTOLINK X6000R router released on March 28, 2025. These vulnerabilities range from argument injection and command injection to a security bypass that can lead to remote code execution. Attackers can crash devices, corrupt system files, and execute arbitrary commands without authentication. Users must […]

    The post TOTOLINK X6000R Routers Hit by Three Vulnerabilities Allowing Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code.

    The update, rolling out across Windows, Mac, and Linux platforms, patches several high-severity vulnerabilities that pose significant risks to user security.

    The most severe vulnerability addressed is CVE-2025-11205, a heap buffer overflow in WebGPU that earned security researcher Atte Kettunen from OUSPG a $25,000 bounty.

    This high-severity flaw could potentially allow attackers to execute arbitrary code or crash the browser by exploiting memory corruption in the WebGPU implementation.

    Another significant heap buffer overflow vulnerability, CVE-2025-11206, affects Chrome’s video processing functionality. Discovered by researcher Elias Hohl, this high-severity flaw earned a $4,000 reward and could enable attackers to manipulate video rendering processes to cause browser instability or crashes.

    Information Leakage and Implementation Vulnerabilities

    Chrome 141 addresses multiple medium-severity vulnerabilities that could compromise user privacy and browser functionality.

    CVE-2025-11207 represents a side-channel information leakage vulnerability in Chrome’s storage system, potentially allowing attackers to extract sensitive data through timing attacks or other side-channel methods.

    Several inappropriate implementation vulnerabilities affect core browser components, including the Media system (CVE-2025-11208, CVE-2025-11212) and Omnibox functionality (CVE-2025-11209, CVE-2025-11213). These flaws could enable attackers to manipulate browser behavior or access unintended functionality.

    The update includes critical fixes for Chrome’s V8 JavaScript engine, addressing CVE-2025-11215 (off-by-one error) and CVE-2025-11219 (use-after-free vulnerability).

    Both vulnerabilities were discovered by Google’s Big Sleep AI system, highlighting the company’s investment in automated vulnerability detection. These JavaScript engine flaws could allow attackers to execute malicious code through crafted web content.

    Google distributed over $50,000 in bug bounty rewards to external security researchers who discovered these vulnerabilities.

    The highest individual payout of $25,000 reflects the severity of the WebGPU heap buffer overflow, while other rewards ranged from $1,000 to $5,000 depending on vulnerability impact and exploitability.

    The Chrome security team emphasized that access to detailed vulnerability information remains restricted until most users update their browsers. This approach prevents malicious actors from exploiting known vulnerabilities before patches are widely deployed.

    Chrome 141.0.7390.54 for Linux and versions 141.0.7390.54/55 for Windows and Mac are now available through automatic updates.

    Users should ensure their browsers update automatically or manually check for updates through Chrome’s settings menu to protect against these serious security vulnerabilities that could result in browser crashes or compromise system security.

    The post Chrome Security Update – Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser appeared first on Cyber Security News.

  • A critical vulnerability in the official Termix Docker image puts users at risk of exposing sensitive SSH credentials. The flaw allows anyone with network access to retrieve stored host addresses, usernames, and passwords without logging in.

    How the Vulnerability Works

    Termix provides a Docker image that runs a Node.js backend behind an Nginx reverse proxy. […]

    The post Termix Docker Image Leaking SSH Credentials (CVE-2025-59951) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
