Cybersecurity and Information Warfare

Oracle Database Scheduler Exploited for Corporate Network Breach

Threat actors have exploited the Oracle Database Scheduler to infiltrate corporate networks, leveraging the extjobo.exe executable to execute arbitrary commands on database servers. Attackers established a foothold through repeated login attempts, subsequently utilizing PowerShell scripts to gather system information, deploy Ngrok for encrypted tunneling, and escalate privileges to execute ransomware. They manipulated processes to maintain control while obscuring their tracks through aggressive cleanup routines. This incident underscores the critical need for organizations to enhance security…

Hackers exploit supply chain vulnerabilities, threatening companies.

Cybersecurity threats to supply chains are escalating as hackers increasingly exploit vulnerabilities in interconnected systems, posing significant risks to companies. This growing trend underscores the urgent need for organizations to enhance their security measures and collaborate on best practices to safeguard their operations. The implications of these attacks extend beyond individual businesses, potentially disrupting economies and national security frameworks. For India, strengthening cybersecurity protocols is essential, especially given its expanding defense industry and reliance on te…

Microsoft Entra ID Flaw Allows Global Admin Impersonation

A critical vulnerability, tracked as CVE-2025-55241, has been identified within Microsoft Entra ID, previously known as Azure Active Directory, allowing attackers to potentially assume global administrative control across all Microsoft tenants using a single compromised Actor token. Discovered by security researcher Dirk-Jan Mollema, this flaw stems from a validation error that fails to ensure tenant boundaries, enabling an attacker with access to a low-privilege token from a test environment to read sensitive user profiles, create new Global Admin accounts, and hijack existing ones without tr…

Stellantis Cyber Attack Highlights Need for Automotive Cybersecurity

Stellantis, the parent company of brands such as Jeep and Dodge, recently suffered a significant cyber attack resulting in data theft from a third-party service provider, underscoring the automotive industry’s vulnerability to cybersecurity threats. This incident is part of a troubling trend, with other companies, including Jaguar Land Rover and Xiaomi, experiencing similar breaches and operational disruptions, highlighting systemic risks in an increasingly digital landscape. The breach arrives at a challenging time for Stellantis, which is already grappling with a $2.3 billion net loss and on…

New BlackLock Ransomware Targets Windows, Linux, and VMware ESXi

A new ransomware group called BlackLock has emerged, posing a significant threat as it targets Windows, Linux, and VMware ESXi environments, showcasing advanced cross-platform capabilities. Initially known as El Dorado, it has rebranded and operates under a Ransomware-as-a-Service model, leveraging sophisticated cryptographic techniques for file encryption that complicate recovery efforts for victims. The malware employs advanced network propagation methods and psychological pressure tactics through ransom notes to enhance its leverage over organizations. This evolution in cyber threats unders…

MalTerminal: GPT-4-Powered Malware Creates Ransomware Autonomously

A significant breakthrough in cybersecurity research has unveiled MalTerminal, a new category of malware that harnesses OpenAI’s GPT-4 API to autonomously generate ransomware and reverse shells during execution. This dynamic capability poses substantial challenges for traditional detection methods, as the malware creates unique malicious logic in real-time, complicating static signature identification. Researchers at SentinelLABS have developed innovative hunting techniques to counteract this threat, focusing on the identification of API keys and common prompt structures. The emergence of LL…

NIST seeks feedback on transitioning to post-quantum cryptography.

The National Institute of Standards and Technology (NIST) has released a draft white paper focusing on the transition to post-quantum cryptography (PQC), crucial for securing sensitive data against potential quantum computing threats. The paper emphasizes the urgency for organizations to begin planning their migration to quantum-resistant algorithms, as predictions suggest that viable quantum computers could emerge within the next decade. It also addresses the risks of “harvest now, decrypt later” attacks, where adversaries capture encrypted data with the hope of breaking it in the future. The…

Cybersecurity Audits Required for Virtual Digital Asset Providers

The Financial Intelligence Unit India (FIU-IND) has mandated cybersecurity audits for all Virtual Digital Asset (VDA) providers as a prerequisite for registration under the Prevention of Money Laundering Act, 2002. This decision follows significant cyber thefts in the cryptocurrency sector, prompting experts to advocate for enhanced regulatory measures to protect users and trace illicit transactions. While the move aims to bolster investor confidence and deter financial crimes, it raises concerns about compliance costs for smaller entities and the absence of a comprehensive legal framework for…

Eknath Shinde's X Account Hacked; Flags of Pak, Turkey Posted

Maharashtra Deputy Chief Minister Eknath Shinde’s X account was hacked on Sunday, with hackers posting images of the flags of Pakistan and Turkey. This incident occurred on the day India and Pakistan were scheduled to play in the Asia Cup, raising concerns about the motives behind the hacking. The cybercrime police were promptly notified, and the account was restored within 30 to 45 minutes. This breach highlights ongoing cybersecurity vulnerabilities, particularly in sensitive political contexts, and underscores the need for enhanced protective measures for public officials, especially in a r…

Iranian UNC1549 Cyber Group Targets European Telecoms with MINIBIKE

An Iranian cyber espionage group named UNC1549, monitored by Swiss cybersecurity firm PRODAFT, has successfully targeted European telecommunications, compromising 34 devices across multiple countries, including Canada, France, the UAE, the UK, and the US. Utilizing spear-phishing tactics and the advanced MINIBIKE backdoor, the group infiltrates systems by posing as HR representatives and deploying sophisticated malware capable of extensive data theft. This operation underscores a broader strategy by Iran to enhance its cyber capabilities, particularly in telecommunications and defense sectors…

Russian Botnet Exploits DNS Flaws in Major Cyber Attack

Cybersecurity researchers recently uncovered a sophisticated Russian botnet operation exploiting DNS misconfigurations and compromised MikroTik routers to execute a massive global malware distribution campaign. The botnet, consisting of approximately 13,000 hijacked devices, utilized improper Sender Policy Framework (SPF) configurations across 20,000 domains, allowing unauthorized email spoofing and bypassing traditional anti-spam protections. This incident highlights critical vulnerabilities within network infrastructure and the importance of proper DNS management, as even minor configuration…

Viasat to Enhance Satellite Cybersecurity with New Encryption System

The US Space Force has awarded Viasat a multi-year contract to develop an advanced encryption system aimed at enhancing satellite cybersecurity. This project focuses on securing data transmissions between satellites and ground stations throughout their lifecycle, employing Viasat’s End Cryptographic Unit (ECU) tailored for space environments. The initiative addresses both current and future threats in satellite communications, emphasizing modularity and scalability for ongoing upgrades. This development is significant as it strengthens national defense capabilities in space, ensuring secure co…

European airports tackle check-in disruptions from cyberattack

Major European airports, including London’s Heathrow, Berlin, and Brussels, faced significant disruptions due to a cyberattack targeting Collins Aerospace’s check-in and boarding systems, impacting flight operations on Saturday. Passengers experienced long queues and numerous cancellations as airports scrambled to restore normalcy by implementing manual workarounds. The incident, classified as a cyber-related disruption, underscores the vulnerability of critical infrastructure to hacking threats, mirroring recent breaches in other sectors like automotive and retail. As investigations ensue, the…

Researchers Discover GPT-4 Malware Capable of Ransomware Creation

Researchers have unveiled MalTerminal, the earliest known malware utilizing GPT-4 capabilities to generate ransomware or reverse shell commands. This discovery was made by SentinelOne’s research team and presented at LABScon 2025. MalTerminal’s design marks a significant evolution in cyber threats, with the ability to dynamically create malicious code, complicating defense measures. Additionally, a report by StrongestLayer highlights how threat actors are embedding prompts within phishing emails to bypass AI security measures, elevating the sophistication of social engineering attacks. These…

Cyberattack Disrupts Major European Airports, Flights Delayed

A cyberattack targeting a third-party service provider has disrupted operations at major European airports, including London’s Heathrow, Brussels, and Berlin, leading to numerous flight delays and cancellations. The incident affected automated check-in and boarding systems, compelling airlines to revert to manual processes. Brussels Airport reported that by Saturday morning, ten flights were canceled and 17 delayed by over an hour. Collins Aerospace, the affected service provider, acknowledged a “cyber-related disruption” and is actively working to restore functionality. This incident unders…

Indian Army Adapts to Non-Contact Warfare with Cyber and Precision Focus

The Indian Army is transitioning to a new era of non-contact warfare, emphasizing the importance of cyber capabilities, space assets, and precision strikes, according to Lt Gen Adosh Kumar, Director General, Artillery. During the Gen S F Rodrigues Memorial Seminar, he highlighted that modern conflicts rely on remote surveillance and autonomous systems to engage adversaries while minimizing risk to personnel. Notably, the success of Operation Sindoor demonstrated the effectiveness of these strategies in providing information dominance and striking capabilities. Kumar urged the Army to strengthe…

New Undetectable RAT Emerges as Alternative to ScreenConnect

A new Remote Access Trojan (RAT) is being marketed on underground forums as a fully undetectable alternative to legitimate software, notably ScreenConnect. This malware boasts advanced features that allow it to evade modern security systems, including bypassing Google Chrome and Windows SmartScreen warnings by utilizing a valid Extended Validation (EV) certificate. The RAT potentially enables attackers to gain real-time visual control of compromised systems, facilitating data theft and system manipulation. This development highlights an alarming trend in sophisticated cybercrime tools, emphasi…

Self-Propagating JavaScript Worm "Shai-Hulud" Infects Over 500 npm Packages in Major Supply Chain Attack

A self-propagating JavaScript worm named “Shai-Hulud” has compromised over 500 npm packages, highlighting a major vulnerability in software development environments. This worm infects packages by stealing developer credentials and cloud tokens through tools like TruffleHog, then injects malicious scripts into other packages managed by compromised maintainers. Once a package is infected, the worm automatically republishes trojanized versions with updated package files to propagate further. It also creates public GitHub repositories exposing stolen credentials and uploads malicious GitHub Action…

CISA Warns of Chinese Malware Tied to Ivanti Exploits and Risks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms over sophisticated Chinese malware linked to exploits of Ivanti’s Endpoint Manager Mobile (EPMM) systems, identifying vulnerabilities CVE-2025-4427 and CVE-2025-4428 that allowed attackers to execute remote code and maintain persistent access. Although CISA refrained from formal attribution, researchers suspect state-sponsored Chinese actors behind these intrusions, highlighting the growing threat to mobile device management platforms crucial for enterprises. The incident underscores the urgent need for enhanced…

MHA directs housing ministry to strengthen cyber security in smart cities

In response to escalating cyber threats, the Union Ministry for Home Affairs (MHA) has directed the Ministry of Housing and Urban Affairs (MoHUA) to enhance cyber security measures within India’s smart cities. This initiative includes the appointment of dedicated Chief Information Security Officers (CISOs) for each smart city, who will oversee the protection of digital infrastructure, monitor cyber risks, and ensure compliance with national security protocols. The push for stronger cyber defenses underscores the increasing reliance on technology in governance and public services, highlighting…

DSCI and Siemens launch Cyber Security Lab to enhance India's infrastructure

The Data Security Council of India (DSCI) and Siemens Limited have inaugurated an Operational Technology (OT) Cyber Security Lab at the Nasscom campus in Noida, aimed at bolstering India’s critical infrastructure cybersecurity. This initiative will serve as an innovation platform for startups, providing access to technology and equipment necessary for developing and testing cybersecurity solutions in real-world scenarios. The lab will focus on skill development and training professionals across critical sectors, fostering collaboration among government, academia, and industry. With the digital…

South Korea vows major cyber reforms after KT and Lotte breaches

South Korea’s government has initiated a comprehensive response to recent cyberattacks affecting KT Corp and Lotte Card, which resulted in significant data breaches compromising sensitive personal information. The Ministry of Science and ICT and the Financial Services Commission have pledged a thorough investigation into the incidents, with plans for major regulatory reforms to enhance cybersecurity. Notably, approximately 2.97 million customers’ data from Lotte Card was exposed, raising concerns over potential financial fraud. This situation emphasizes the need for a robust cybersecurity fram…

US Charges British Teen for 120 Cyberattacks Linked to Scattered Spider

The U.S. Department of Justice has charged British teenager Thalha Jubair, 19, with involvement in over 120 cyberattacks, including breaches targeting the U.S. Courts system and extortion of numerous U.S. companies. Arrested alongside 18-year-old Owen Flowers, Jubair is linked to the Scattered Spider hacking group, known for utilizing social engineering tactics to compromise corporate networks, leading to significant ransom payments exceeding $115 million. Evidence suggests Jubair’s seized servers contained critical information from a New Jersey-based infrastructure company and a cryptocurre…

ChatGPT Fixes Vulnerability That Could Expose Gmail Data

Researchers at Radware have identified a serious zero-click vulnerability in OpenAI’s ChatGPT, specifically within its Deep Research agent, which could have allowed attackers to exfiltrate sensitive Gmail data without any user action. Dubbed “ShadowLeak,” this vulnerability enables hackers to craft emails with hidden HTML instructions that manipulate the AI agent into leaking personally identifiable information (PII) from a user’s inbox directly to an attacker-controlled server. The attack leverages the agent’s built-in capabilities to autonomously browse the web and interact with various applic…

Most Cybersecurity Alerts Occur After Business Hours: Study

A recent study by Arctic Wolf reveals that the majority of cybersecurity alerts occur outside regular business hours, highlighting a concerning shift in the threat landscape. Adversaries are increasingly employing sophisticated tactics, targeting vulnerabilities and exploiting timing to bypass traditional defenses, resulting in heightened alert fatigue among defenders. This trend necessitates a reevaluation of defense strategies, as organizations face unprecedented complexity in threats despite significant investments in cybersecurity. The findings underscore the importance of continuous vigil…