Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights: Hacktivist Groups Target Critical Infrastructure: In September 2025, TwoNet, a pro-Russian hacktivist group, targeted a water treatment plant honeypot, gaining access to the HMI to deface, disrupt, and manipulate systems, marking a significant escalation in OT/ICS attacks. Emerging Tactics and Alliances: TwoNet expanded from DDoS to diverse operations, including propaganda, doxing, ransomware offerings, and hack-for-hire services, often sharing tactics and targets with affiliated hacktivist groups, demonstrating rapid growth and collaboration. State-Linked and Criminal Threats: Attacks from Iran and Russia involving Modbus, S7, and HTTP protocols reveal inconsistent but targeted probing of OT and ICS environments, indicating both nation-state…
Summary Points: Apple has expanded its bug bounty program, now offering up to $2 million for complex exploit chains, with total rewards exceeding $35 million since 2020. The company introduced Memory Integrity Enforcement (MIE) for iPhones and increased payouts for vulnerabilities such as sandbox escapes, physical access attacks, and remote exploits, with some rewards reaching up to $5 million. The new ‘Target Flags’ feature allows researchers to demonstrate specific security issues objectively, streamlining reward validation across Apple devices. Starting November 2025, Apple will implement these enhanced payout structures and introduce bonuses for low-impact vulnerabilities, aiming to bolster defenses against sophisticated spyware…
Fast Facts: The FBI successfully seized all domains and infrastructure of BreachForums, a major hacking forum operated by ShinyHunters, signaling the end of its era as a cybercrime hub. All of BreachForums’ backups and escrow databases since 2023 have been compromised, with backend servers seized, but the dark web leak site remains online. Despite the seizure, the hackers plan to continue their Salesforce data leak campaign, exposing over one billion records from companies like FedEx, Disney, Google, and others. The platform’s recent version was different from previous ones, functioning as a data extortion site rather than a typical cybercrime forum,…
Essential Insights: Dozens of organizations have been impacted by a zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite since August 2025, enabling data exfiltration and remote code execution. The attack campaign employs multiple exploits, including SSRF, CRLF injection, and authentication bypass, with sophisticated malware payloads like GOLDVEIN and SAGELEAF used to compromise systems. The threat actor, possibly linked to Cl0p or similar groups, conducted extensive pre-attack research, targeting public-facing enterprise applications for strategic data theft and extortion. Oracle issued patches post-attack, but the campaign underscores the escalating risk of large-scale, well-resourced zero-day exploits and extortion tactics in the cybercrime landscape. Key Challenge: Recently,…
Top Highlights: International law enforcement agencies seized the BreachForums clearnet domain (breachforums[.]hn), marking a significant effort to dismantle the notorious cybercrime marketplace. BreachForums, following a turbulent history of seizures and rebirths, served as a key platform for hacking groups, including the "Trinity of Chaos" and "ShinyHunters," and operated across various domains. The latest seizure occurs amidst the apparent dissolution of the "Scattered Lapsus$ Hunters" alliance and chaos within their communication channels, indicating ongoing disruption. Despite the takedown of the clearnet site, reports suggest the dark web counterpart may still operate, hinting at continued challenges in eradicating the criminal enterprise. Problem…
Quick Takeaways: SonicWall’s recent security breach affected all customers using its cloud backup service, exposing firewall configuration files containing AES-256 encrypted data. The company urged affected users to perform comprehensive credential resets, including passwords, API keys, and authentication tokens, especially for active, internet-facing firewalls. SonicWall collaborated with Mandiant to investigate the incident, confirming unauthorized access to backup files for all cloud backup users, with detailed remediation guidance provided. Users can verify whether their devices were impacted via MySonicWall and should diligently update all relevant passwords and keys to mitigate potential exploitation risks. The Issue: Recently, SonicWall announced that a security…
Urgent: SonicWall Cloud Firewall Backups Breached – Immediate Security Checks Needed!
Top Highlights: Data Breach: SonicWall has revealed that unauthorized access occurred to firewall configuration backup files for all customers using its cloud backup service, posing potential risks for targeted attacks. Customer Notification: The company is actively notifying customers and partners, urging them to log in and assess their devices, while providing tools for device assessment and remediation. Prioritization for Remediation: Impacted devices are categorized by priority levels to streamline remediation efforts, focusing on those with internet-facing services as high priority. Infrastructure Improvements: Following the breach, SonicWall has enhanced its infrastructure with stronger authentication controls and better logging to prevent future…
Essential Insights: Global supply chains heavily rely on digital document exchanges, which introduce significant security and operational risks due to potential malware and data breaches. Traditional cybersecurity methods like antivirus and sandboxing are inadequate for supply chain files, as they are slow and can disrupt critical operations, leaving gaps for sophisticated attacks. Content Disarm and Reconstruction (CDR) offers a real-time, behind-the-scenes solution by stripping malicious content from all files, preserving their functionality without delaying workflows. Votiro’s CDR technology integrates seamlessly with existing logistics systems, ensuring safe, compliant files that protect operations, prevent disruptions, and enable valuable threat analytics. What’s the…
Top Highlights: Two high-severity vulnerabilities (CVE-2025-11001 and CVE-2025-11002) in 7-Zip can enable remote code execution via malicious ZIP archives exploiting symbolic link handling flaws. These flaws allow directory traversal, potentially placing malicious payloads outside intended folders and leading to system compromise. Exploitation requires user interaction to open a malicious archive, but successful attacks could result in full system control, data theft, or malware deployment. The developer released 7-Zip version 25.00 to fix these issues; users must update immediately to mitigate significant security risks. Key Challenge: Two critical security flaws, labeled CVE-2025-11001 and CVE-2025-11002, have been identified in all versions of…
Essential Insights: Threat actors are using the Velociraptor DFIR tool, exploited via an outdated version with a security flaw (CVE-2025-6264), to maintain persistent access during LockBit and Babuk ransomware attacks, linked to a China-based group, Storm-2603. The attackers created local admin accounts, gained control of VMware vSphere VMs, and employed Velociraptor for ongoing access, even after host isolation, while disabling security defenses like Defender and GPOs. They deployed ransomware variants, LockBit on Windows (.xlockxlock extension) and Babuk on VMware Linux systems, and used a fileless PowerShell encryptor combined with exfiltration scripts for double extortion. Cisco Talos provides specific IoCs, including malicious files…