• Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the cybercriminals had used to sign fake Microsoft Teams installation files, which were designed to deliver the Oyster backdoor and deploy Rhysida ransomware on victim systems. Discovery […]

    The post Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed “Maverick.” Over 62,000 infection attempts have already been blocked in Brazil during the first 10 days of October alone, demonstrating the campaign’s massive scale and potential impact. The attack begins when victims receive a malicious […]

    The post New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution.

  • Microsoft announced that it had revoked more than 200 digital certificates exploited by the notorious Vanilla Tempest hacking group.

    This action effectively disrupted an ongoing campaign where attackers impersonated Microsoft Teams installations to infiltrate corporate networks and deploy ransomware.

    The operation, uncovered in late September, highlights the evolving tactics of ransomware operators who leverage legitimate-looking software to bypass security defenses.

    Vanilla Tempest, also tracked by cybersecurity firms as VICE SPIDER and Vice Society, has emerged as a persistent menace in the ransomware landscape.

    This financially driven actor specializes in data exfiltration for extortion, often pairing theft with encryption attacks to maximize payouts.

    Over the years, the group has wielded a variety of ransomware strains, including BlackCat, Quantum Locker, and Zeppelin. However, in recent months, Rhysida ransomware has become their weapon of choice, targeting sectors like healthcare, education, and manufacturing for high-impact disruptions.

    Fake Teams Downloads Via Search Engines

    The latest campaign preyed on unsuspecting users seeking legitimate Microsoft Teams updates. Attackers hosted counterfeit MSTeamsSetup.exe files on deceptive domains such as teams-download[.]buzz, teams-install[.]run, and teams-download[.]top.

    These sites likely gained traction through search engine optimization (SEO) poisoning, where manipulated search results direct victims to malicious downloads instead of official Microsoft resources.

    Once executed, the bogus installers unleashed a multi-stage payload. An initial loader paved the way for the Oyster backdoor, a versatile malware tool that Vanilla Tempest began integrating into operations as early as June 2025.

    By early September, the group escalated their stealth by fraudulently signing these backdoors and loaders with stolen or misused certificates from reputable providers like Trusted Signing, SSL.com, DigiCert, and GlobalSign.

    This signing process lent the files an air of authenticity, tricking antivirus software and user scrutiny alike. From there, the infection chain culminated in Rhysida ransomware deployment, locking files and demanding ransoms while exfiltrating sensitive data for leverage.

    Microsoft’s response was multifaceted. Beyond certificate revocation, the company bolstered its defenses through Microsoft Defender Antivirus, which now identifies and blocks the fake setup files, the Oyster backdoor, and Rhysida ransomware variants.

    For enterprise users, Microsoft Defender for Endpoint offers behavioral detections tailored to Vanilla Tempest’s tactics, techniques, and procedures (TTPs), including anomalous network activity and privilege escalations.

    This incident underscores the risks of supply chain-style attacks in everyday software updates. As remote work tools like Teams remain essential, attackers continue to exploit trust in familiar brands.

    Microsoft’s proactive revocation prevented further abuse of the compromised certificates, but experts warn that similar tactics could resurface with new signing authorities.

    The post Microsoft Disrupted Vanilla Tempest Attack by Revoking Certificates Used to Sign Fake Teams File appeared first on Cyber Security News.

  • YouTube experienced a widespread outage on Wednesday, October 15, 2025, disrupting video streaming for millions of users across the United States, Europe, Asia, and beyond.

    The platform, which serves over 2.7 billion monthly users, saw reports of playback errors and blank screens starting around 7 p.m. ET, affecting its core service as well as YouTube Music and YouTube TV.

    Google confirmed the issue via a post on X, stating that engineers were investigating and urging patience from affected viewers.

    At its height, Downdetector recorded more than 366,000 outage reports in the U.S. alone by 7:55 p.m. ET, with complaints surging to over 600,000 globally within hours. Users in major cities like New York, Los Angeles, Chicago, and Seattle faced the brunt, alongside international hotspots in the UK (over 62,000 reports), Canada, Australia, and Japan (around 19,000).

    Common errors included “An error occurred, please try again later” messages on desktops and “Something went wrong” on mobile apps, preventing video loads, playlist access, and even logins.

    About 54% of issues centered on video and music streaming, leaving offline downloads as the only workaround for some.

    The outage’s timing amplified frustration, coinciding with evening prime time when users typically unwind with content. Social media erupted with memes and complaints, such as one user joking, “For the first time in history, YouTube actually went down.”

    Update 1:

    By late Wednesday evening, YouTube announced the issue was resolved, posting on X that users could now stream videos normally on all affected services.

    Downdetector reports declined sharply, though isolated slow-loading complaints persisted into Thursday morning, October 16.

    The company’s status page confirmed teams were monitoring for full recovery, appreciating user patience during the roughly two-hour disruption.

    For now, users are advised to check the official X account (@TeamYouTube) or Downdetector for updates, ensuring seamless access to the world’s top video-sharing site.

    The post YouTube Down for Users Globally – Google Confirms Outage – Updated appeared first on Cyber Security News.

  • The Air Force has spiked plans to activate a new command that was pitched as a key part of the service’s efforts to modernize its capabilities and stay competitive against China in a future conflict. 

    Ending the creation of a permanent Integrated Capabilities Command—a major command slated to be led by a three-star general focused on modernizing and prioritizing the service’s future acquisitions—reverses a key initiative by former Air Force Secretary Frank Kendall. The command was stood up in a provisional capacity last year, and the effort was paused by Defense Secretary Pete Hegseth in February. The provisional ICC’s responsibilities will now be folded into the existing, but soon-to-be restructured, Air Force Futures organization by April 1, 2026.

    "This restructuring will accelerate the delivery of combat power, improve efficiency, and shorten the decision timeline," Air Force Secretary Troy Meink said in an emailed press release.

    Creation of a command focused on modernizing the service’s acquisitions in future conflicts was seen by past Air Force planners as a way to lift that responsibility from major commands to help them focus on other priorities. It was the cornerstone of the service’s sweeping “Reoptimization for Great Power Competition” initiative started under former Air Force Secretary Kendall and soon-to-be retired Air Force Chief of Staff David Allvin, who was ushered out for his support of the strategy.

    Air Force officials said the service’s futures organization, known as the A5/7, plans to create a new role of “Chief Modernization Officer,” which will be focused on strategy and force design, mission integration, capability development, and modernizing the service’s platforms. 

    The provisional ICC stood up in September 2024 and was led by Maj. Gen. Mark Mitchum. An Air Force official confirmed that Maj. Gen. Christopher Niemi, commander of the Air Force Warfare Center, will head up the A5/7 reorganization. 

    Defense budget experts weren’t surprised by the decision to end the ICC, saying it followed a trend of the Air Force casting aside parts of the former service secretary’s reorganization plan.

    “This is really a course correction on the whole reorganization that Frank Kendall put in place,” said Todd Harrison, a senior fellow at the American Enterprise Institute.

    While the effort was viewed as a way to relieve the burden of modernization efforts from groups such as Air Force Global Strike Command and Air Force Combat Command, Harrison added it also removed a key responsibility from them, inviting criticism. 

    “I think Kendall knew that when he tried to make the changes when he was within the Air Force,” Harrison said. “He got a lot of pushback from the major commands then.”

    Meink, speaking to reporters at the Air & Space Force Association’s conference last month, said he was “getting close” to making decisions on the reorganization plans tied to China, but added, “I'm not a big believer in the competition side of the house” and reiterated the administration’s priorities for supporting homeland defense. 

  • MCPTotal, a comprehensive secure Model Context Protocol (MCP) platform, today announced its flagship platform to help businesses adopt and secure MCP servers.  MCP has become the standard interface for connecting AI models with enterprise systems, external data sources, and third-party applications. But, uncontrolled adoption has introduced major risks, including supply chain exposures, prompt injection vulnerabilities, […]

    The post MCPTotal Launches to Power Secure Enterprise MCP Workflows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • MCPTotal, a comprehensive secure Model Context Protocol (MCP) platform, today announced its flagship platform to help businesses adopt and secure MCP servers. 

    MCP has become the standard interface for connecting AI models with enterprise systems, external data sources, and third-party applications. But uncontrolled adoption has introduced major risks, including supply chain exposures, prompt injection vulnerabilities, rogue MCP servers, data exfiltration, and authentication gaps. Neither traditional security products nor newer LLM security solutions are able to monitor MCP traffic, leaving enterprises exposed to new opportunities for bad actors.

    MCPTotal delivers the first end-to-end platform for organizations to safely adopt MCPs while also improving their usability. Its hub-and-gateway architecture provides centralized hosting, authentication and credential vaulting while acting as an AI-native firewall to monitor traffic and enforce policies in real time. MCPTotal offers hundreds of secure MCP servers in its vetted catalog, allowing enterprise users to select from a safe and secure range. With MCPTotal, employees can connect their AI models to business-critical systems like Slack and Gmail, while security leaders get full visibility into usage and enforcement via guardrails to ensure security, privacy, and compliance. 

    MCPTotal delivers four key capabilities unmatched in the market: 

    • Enablement, not restriction: Empowers all employees to use MCP immediately through a simple, intuitive experience with built-in policy enforcement and auditing that keep security teams in control. 
    • Automatic Security Review: Ensures only trusted, curated MCP servers are available, each passing a rigorous security vetting process to eliminate malicious risks. 
    • Comprehensive Visibility Scans: Offers flexible methods to scan employee workstations and detect MCP-related risks or threats across the organization. 
    • Multi-Environment Coverage: Operates consistently across desktop, browser, and cloud environments, including self-hosted deployments. 

    “Until now, there hasn’t been a solution that can help security teams actually lock down MCP servers at the rate that employees are connecting their AI and business applications via MCP,” said Gil Dabah, CEO of MCPTotal. “In fact, the first malicious MCP server in the wild was just reported, demonstrating how easily attackers can get into enterprise sensitive data. Now with MCPTotal, we’re giving organizations the ability to securely host, monitor and sandbox servers so employees can safely use MCPs and connect them to any data source without manually handling API keys.”  

    The platform enables enterprises to finally adopt MCPs without adopting more shadow IT risk. With MCPTotal’s easy-to-use interface, employees are not required to be developers or technical experts to leverage MCPs in their workflows. Security teams are able to set policies around MCP usage, and users are able to access pre-vetted MCP servers via single sign-on and gain access to all their authenticated tools.

    About MCPTotal 

    MCPTotal provides enterprise-grade MCP infrastructure with built-in security, governance and compliance controls. Founded by serial entrepreneurs and security experts Gil Dabah and Dr. Ariel Shiftan, the company helps organizations safely harness the power of AI-tool integration. For more information, users can visit https://go.mcptotal.io/.  

    Contact

    Account Director
    Hannah Sather
    Montner Tech PR
    hsather@montner.com

    The post MCPTotal Launches to Power Secure Enterprise MCP Workflows appeared first on Cyber Security News.

  • It’s been about 30 years since the Army welded a new Abrams tank, and when the service sat down to hammer out the requirements for the combat vehicle’s next generation, it was going to be another decade until they built a new one.

    But when the Army awarded the M1E3 contract to General Dynamics last year, the service’s acquisitions leaders said that wasn’t good enough.

    “That just isn't going to cut it,” Danny Deep, GD's executive vice president for global operations, told an audience Wednesday at the AUSA annual meeting in Washington, D.C. “The requirements are going to change 100 times between now and then.”

    Rather than pick out every single communications system and sensor that would go into the next Abrams for the rest of its service life, the Army is opting for an open system that will allow new software to be plugged in as needed.

    “The world changed,” Deep said. “We make some big decisions on the key subsystems, but even those subsystems were not locked in for the next 30 or 40 years, and we create a truly modular, next-generation, lighter, more lethal, more integrated platform that is going to change.”

    It’s on track to be fielded next year, he added, so soldiers can try it out and give their feedback.

    “And then, in short order after that, we're going to start delivering this capability in the next two to three years, as opposed to the next 10,” he said.

    The M1E3 is one of the key examples of the Army’s current push to transform how it acquires new systems—a stark contrast to the M10 Booker light tank it canceled earlier this year, after it became a requirements boondoggle. 

    “So I think this whole world of requirements is born not out of, not only out of trying to predict the future, which is impossible, but it's also trying to keep the system out of trouble from a protest standpoint,” Deep said. “And we just got to get past that.”

    The infantry squad vehicle has also been developed with modularity in mind, said Pete Johnson, General Motors’ vice president of integrated vehicles. 

    “We've tried to maximize the ways in which you can modularly add on mission equipment,” Johnson said, by pre-drilling holes throughout the ISV-Utility variant through bolt-on positions in anticipation of new tech the vehicles will get in the future.

    Regardless of what kind of system it is, there will be options to easily mount it to the vehicles. 

    At the same time, said Army Chief of Staff Gen. Randy George, the service is reviewing thousands of requirements in its current acquisitions programs to make sure they’re all still relevant. 

    “And how do we simplify that process?” he said. “So we want your feedback on those kinds of things as well, to make sure that we're continuing to move in that direction.”

  • BreachLock, the global leader in Penetration Testing as a Service (PTaaS), has been recognized as a Representative Provider in the 2025 Innovation Insight: Penetration Testing as a Service report by Gartner. 

    The report highlights how PTaaS helps organizations increase testing frequency by automating routine tasks, supports compliance objectives with high-level standardization and customizable reporting, and helps reduce exposure by closely supporting continuous threat exposure management (CTEM) strategies, enabling organizations to remediate emerging risks faster. 

    This latest recognition from Gartner, following multiple other recognitions from Gartner this year for PTaaS, Adversarial Exposure Validation (AEV), and CTEM, underscores BreachLock’s commitment to delivering more scalable, flexible, and efficient penetration testing solutions for modern security teams.

    “Static or periodic penetration testing simply can’t defend dynamic attack surfaces anymore. Gartner’s recognition of PTaaS reinforces what our clients experience daily — offensive security needs to be agentic, adaptive, and continuous,” stated Seemant Sehgal, Founder & CEO of BreachLock. “Our Agentic Offensive Security solution autonomously discovers, prioritizes, and validates exposures in real time — turning Pen Testing from a reactive process into a living, self-optimizing defense mechanism.” 

    BreachLock PTaaS blends human expertise, AI, and automation to help security teams identify, prioritize, and remediate risk not only faster, but continuously. The company offers flexible and versatile managed-service, self-service, and hybrid PTaaS solutions, enabling customers to test what they want, when they want, as frequently as they want, whether that’s periodically, continuously, or on demand.

    BreachLock makes penetration testing fast and scalable, and enables smarter vulnerability prioritization with deeper, AI-contextualized insights that go beyond CVSS risk scoring, accounting for business context and leveraging historical data from thousands of pentests. 

    Delivered through the BreachLock Unified Platform, PTaaS integrates seamlessly with the company’s adjacent offensive security solutions, including Adversarial Exposure Validation (AEV), its generative AI-powered autonomous red teaming engine, and Attack Surface Management (ASM). Together, these solutions form a unified foundation for continuous discovery, validation, prioritization, and remediation in alignment with enterprise CTEM programs. 

    About BreachLock 

    BreachLock is a global leader in offensive security, delivering scalable and continuous security testing. Trusted by global enterprises, BreachLock provides human-led and AI-powered Attack Surface Management, Penetration Testing as a Service (PTaaS), Red Teaming, and Adversarial Exposure Validation (AEV) solutions that help security teams stay ahead of adversaries. 

    With a mission to make proactive security the new standard, BreachLock is shaping the future of cybersecurity through automation, data-driven intelligence, and expert-driven execution. 

    Disclaimer 

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    Contact

    Senior Marketing Executive
    Megan Charrois
    BreachLock
    megan.c@breachlock.com

    The post BreachLock Named Representative Provider for Penetration Testing as a Service (PTaaS) in New Gartner® Report appeared first on Cyber Security News.
