"Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 11 October 2025, 2119 UTC.

Content and Source:  Email subscription from https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

76K followers26 articles per week

#security#tech

66

Today

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

2 TTPs

•

by Pierluigi Paganini / 9min

Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products. Threat actors are exploiting the local File Inclusion (LFI) flaw CVE-2025-11371, a zero-day in Gladinet CentreStack and Triofox. A local user can exploit the issue to access system files without authentication. Gladinet CentreStack and Triofox are enterprise file-sharing and cloud stor

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

6 TTPs

•

by Pierluigi Paganini / 2h

Spain’s Guardia Civil dismantled the cybercrime group “GXC Team” and arrested its 25-year-old Brazilian leader. Spanish Guardia Civil dismantled the “ GXC Team ” cybercrime group, arresting its 25-year-old Brazilian leader “GoogleXcoder.” The gang sold AI-powered phishing kits, Android malware, and voice-scam tools via Telegram and Russian forums, becoming a major supplier of credential theft too

Attackers exploit valid logins in SonicWall SSL VPN compromise

IoC > 1 IP

•

by Pierluigi Paganini / 5h

•

6 TTPs

Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly. Cybersecurity firm Huntress warned of a widespread compromise of SonicWall SSL VPNs, with threat actors using valid credentials to access multiple customer accounts rapidly. “As of October 10, Huntress has observed widespread compromise of SonicWall SSLVPN devices a

Yesterday

Apple doubles maximum bug bounty to $2M for zero-click RCEs

Apple boosts bug bounty to $2M

•

by Pierluigi Paganini / 21h

Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers. Apple doubled its bug bounty rewards, now offering up to $2 million for zero-click remote code execution flaws. Since 2020, the tech giant has paid $35M to 800 researchers. Apple aims to pay exploit chains comparable to mercenary and commercial spyware vendors . The company annou

Juniper patched nine critical flaws in Junos Space

2 TTPs

•

by Pierluigi Paganini / 1d

•

CVE-2025-59978 & 4 others

Juniper fixed nearly 220 flaws in Junos OS, Junos Space, and Security Director, including nine critical bugs in Junos Space. Juniper Networks released patches to address nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical flaws in Junos Space. One of these flaws, tracked as CVE-2025-59978 (CVSS score of 9.0), is a critical Cross-Site Scripting (XSS)

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

9 TTPs

•

by Pierluigi Paganini / 1d

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber i

Oct 9, 2025

U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog . Grafana is an open-source platform for monitoring and observability. This flaw is a dire

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

2 TTPs

•

by Pierluigi Paganini / 1d

RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June. Trend Micro researchers reported that the RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, NVRs, CCTV systems, and web servers, active globally since June. Experts noted that the latest RondoDox campaign adopts an “exploit shotgun”

End of feed