Oct 15, 2025Ravie Lakshmanan Enterprise Software / Vulnerability SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability,… Read More "New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login"
Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all… Read More "What AI Reveals About Web Applications— and Why It Matters"
Oct 14, 2025Ravie LakshmananCyber Espionage / Network Security Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per… Read More "Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year"
Oct 14, 2025Ravie LakshmananVulnerability / Mobile Security Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without… Read More "New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions"
Oct 14, 2025Ravie LakshmananVulnerability / Hardware Security Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack,… Read More "Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing"
Every October brings a familiar rhythm – pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness… Read More "How Threat Hunting Builds Readiness"
Oct 14, 2025Ravie LakshmananMalware / Typosquatting Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way… Read More "npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels"
Oct 14, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the… Read More "Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain"
Oct 13, 2025Ravie LakshmananBrowser Security / Windows Security Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to… Read More "Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor"
Oct 13, 2025Ravie LakshmananCybersecurity / Hacking News Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the… Read More "WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More"
