"Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 09 October 2025, 1422 UTC.
Content and Source: Email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
15
Today
All SonicWall Cloud Backup users were impacted after hackers stole firewall configuration files from the MySonicWall service in early September. Threat actors stole firewall configuration backups from SonicWall’s cloud service, impacting all users of its MySonicWall cloud backup platform. In September, SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall
Yesterday
2 TTPs
by Pierluigi Paganini / 5h
Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won’t pay the threat actors claiming to have stolen data on 5.5M users, clarifying that only about 70K ID photos were actually exposed. The attackers claimed they have breached Discord’s Zendesk support instance, but the company has yet to confirm it. Attackers cl
Qilin ransomware claimed responsibility for the recent attack on the beer giant Asahi that disrupted operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a strong presence in Europe and
2 TTPs
by Pierluigi Paganini / 19h
DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the cyber threat landscape. Ransomware groups DragonForce , LockBit , and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape. The alliance aims at sharing tools and infrastructure to enhance attack effectiveness. The
DraftKings warns of credential stuffing using stolen logins; No evidence of data loss, but users must reset passwords and enable MFA. A credential stuffing campaign is targeting the American sports gambling company DraftKings. Credential stuffing is a type of cyberattack where hackers use stolen usernames and passwords, usually obtained from previous data breaches, to try to log into other online
Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it. Redis disclosed a critical RCE bug, tracked as CVE-2025-49844 (also known as “RediShell”, with a CVSS score of 10.0), where a malicious Lua script can exploit the garbage collector to trigger a use-after-free vulnerability and enable remote code execution. Cybersecu
Oct 7, 2025
IoC > 1 IP
by Pierluigi Paganini / 1d
•9 TTPs
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Synacor Zimbra Collaboration Suite (ZCS) flaw, tracked as CVE-2025-27915 , to its Known Exploited Vulnerabilities (KEV) catalog . CVE-2025-27915 is a stored XSS flaw in
Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing easy remote code execution via License Servlet bug. A cybercrime group, tracked as Storm-1175 , has been actively exploiting a maximum severity GoAnywhere MFT vulnerability ( CVE-2025-10035 ) in Medusa ransomware attacks for nearly a month. The vulnerability CVE-2025-10035 is a deserialization issue in the License
Oct 6, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group , also known as Graceful Spider. The critical bug allows unauthenticated remote code execution, with the first k
4 TTPs
by Pierluigi Paganini / 2d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the
Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info. Discord disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams. Discord has begun sending e-mails notifications about a cybersecurity incident which occurred September
Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerability, tracked as CVE-2025-61882 (CVSS 9.8) in its E-Business Suite. “Updated [10/04/2025]: Oracle has issued Oracle Security Alert Advisory – CVE-2025-61882 to provide updates against additional potential
LinkedIn sued ProAPIs and its CEO Rahmat Alam for running millions of fake accounts to scrape and sell user data, charging up to $15,000 per month. LinkedIn has filed a lawsuit against the software firm ProAPIs and its CEO, Rahmat Alam, accusing them of creating millions of fake accounts to scrape and sell user data. Defendants offer real-time, detailed LinkedIn data via a fake account network, r
Oct 5, 2025
IoC > 1 IP
by Pierluigi Paganini / 3d
•9 TTPs
Threat actors exploited a Zimbra zero-day via malicious iCalendar (.ICS) files used to deliver attacks through calendar attachments. StrikeReady researchers discovered that threat actors exploited the vulnerability CVE-2025-27915 in Zimbra Collaboration Suite in zero-day attacks using malicious iCalendar (.ICS) files. These files, used to share calendar data, were weaponized to deliver JavaScript
ENISA Threat Landscape 2025: Rising ransomware, AI phishing, and state-backed espionage mark a converging, persistent EU cyber threat landscape. ENISA Threat Landscape 2025 report provides a comprehensive analysis of the evolving threat landscape in Europe. The report analyzes the events that occurred between July 2024 and June 2025, including nearly 4,900 verified incidents. This year’s edition
End of feed
- Get link
- X
- Other Apps
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.