Self-Propagating Malware Hits WhatsApp Users in Brazil
The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.
-
-
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in…
-
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to…
-
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked,…
-
Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described…
-
Scattered Lapsus$ Hunters Returns With Salesforce Leak Site
After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met.
-
Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage
Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe.
-
Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That’s according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has…
-
Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. “Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it…
-
Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business
The company likely failed to completely clean out attackers from a previous breach and now is a case study for the high cost of ransomware.