“Back-to-back zero-days in Oracle EBS highlight how threat actors are increasingly targeting high-value enterprise applications that underpin financial and operational workflows,” said Sakshi Grover, senior research manager for cybersecurity services at IDC Asia/Pacific. “These systems are deeply integrated, customized, and… Read More "Oracle issues second emergency patch for E-Business Suite in two weeks"
The UK’s National Cyber Security Centre (NCSC) reported 204 “national significant” cyber incidents between September 2024 and August 2025, according to the agency’s latest Annual Review 2025, published on October 14. This is the highest-ever number and represents an 130% increase… Read More "UK: 130% Spike in “Nationally Significant” Cyber Incidents"
NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in… Read More "Understanding NIST SP 800-171 Compliance"
Huntress’ new discovery, however, points to a separate, credential-driven campaign. Starting around October 4, Huntress observed mass logins into SonicWall SSLVPN devices from attacker-controlled IPs – one notably traced to 202.155.8[.]73. Many login sessions were brief, but others involved deeper… Read More "SonicWall VPNs face a breach of their own after the September cloud-backup fallout"
British businesses have been urged to prioritize AI governance when adopting the technology in new projects, after new data from EY revealed the average company has lost millions due to unmanaged risks. The consulting giant polled 100 UK firms as… Read More "UK Firms Lose Average of £2.9m to AI Risk"
Vendor Risk Management (VRM) is the process of managing and monitoring security risks resulting from third-party vendors, IT suppliers, and cloud solutions. VRM programs combine continuous third-party attack surface monitoring, risk assessments, and other third-party risk management initiatives to mitigate… Read More "Vendor Risk Management: Strategies for Protecting Your Business"
Oct 14, 2025Ravie LakshmananMalware / Typosquatting Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way… Read More "npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels"
Neue Fähigkeiten für eine neue Ära Diese Entwicklung bringt eine Reihe neuer benötigter Fähigkeiten mit sich. Cybersicherheit, einschließlich technischer Fachkenntnisse, ist nach wie vor entscheidend, muss aber mit Risikoquantifizierung, Enterprise Risk Management, Bedrohungserkennung, geopolitischer Kompetenz und dem Bewusstsein für Rechtsvorschriften… Read More "Vom CISO zum Chief Risk Architect"
Oct 14, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the… Read More "Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain"
Cyberkriminelle wollten sich in 20.000 Benutzerkonten der Bundesagentur für Arbeit einloggen, um Arbeitslosengeld umzuleiten. T. Schneider – shutterstock.com Bei einem Cyberangriff auf die Bundesagentur für Arbeit (BA) sollen acht Männer versucht haben, Leistungen auf eigene Konten umzuleiten. Die bayerischen Experten… Read More "Cyberangriff auf Bundesagentur | CSO Online"
