Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights: A vulnerability in the American Archive of Public Broadcasting’s website, exploited since 2021, allowed unauthorized downloads of protected media for years before being patched in 2024. The flaw was an IDOR (Insecure Direct Object Reference) bug, which permitted users to bypass access controls and request private media files by manipulating request parameters. Despite the organization’s efforts to fix the issue, the exploit continued circulating on Discord and messaging platforms, leading to ongoing leaks and content sharing among data hoarder communities. The incident highlights vulnerabilities in digital archives and how unofficial communities can access and share sensitive or copyrighted…

Quick Takeaways: A minor suspect linked to the Scattered Spider cybercriminal group was arrested in Las Vegas for involvement in high-profile casino cyberattacks in 2023, which caused significant financial losses. The attacks targeted MGM Resorts and Caesars, resulting in $100 million in lost revenue and extortion demands of up to $15 million; the group has been responsible for at least 120 attacks since 2022. The group, known for social engineering and phishing techniques, often involves multiple individuals with diverse skills, and is responsible for extortion on 47 U.S. organizations, collecting over $115 million in ransom payments. Authorities are considering trying…

Quick Takeaways: A ransomware attack on Collins Aerospace’s check-in systems caused major disruptions at several European airports, including Heathrow, Brussels, and Berlin, starting Friday night. The attack targeted the MUSE system used by multiple airlines, leading to over 100 flight delays or cancellations and impacting thousands of passengers. The European Union Agency for Cybersecurity (ENISA) confirmed the ransomware incident, with ongoing disruptions and efforts for system restoration by Collins Aerospace. Law enforcement is investigating, and officials are advising travelers to check flight statuses, emphasizing the importance of enhanced cybersecurity measures.

What’s the Problem? Over the weekend, multiple major European airports,…

Top Highlights: Attackers exploit Oracle Database Scheduler’s External Jobs feature to execute malicious commands on Windows servers, bypassing defenses. They leverage misconfigured credentials and SYSDBA access to run encoded PowerShell scripts via extjobo.exe, often hiding in normal operations. The technique involves injecting Base64-encoded payloads directly into memory, avoiding detection by traditional endpoint security tools. This method enables covert activities like establishing reverse shells, creating persistence accounts, and deploying ransomware, highlighting urgent security gaps.

The Core Issue: Recent security reports highlight a troubling surge in cyberattacks targeting Oracle Database Scheduler’s External Jobs feature, used by database administrators to automate maintenance tasks.…

Summary Points: Legacy cybersecurity tools often fail to detect a large portion of malware variants due to reliance on exact file hash matching, resulting in significant false negatives. Stairwell’s analysis revealed that for each detected malware variant, there are 1-2 undetected variants, increasing the risk of cybersecurity incidents. The proliferation of AI-enabled malware creation will exponentially increase the number of variants, making detection more challenging and urgent. Utilizing structural and behavioral analysis tools is more effective for malware detection than traditional hash-based methods, highlighting a shift in cybersecurity strategies.

The Issue: A comprehensive analysis of 769 public threat reports by…

Fast Facts: Stellantis confirmed a data breach where attackers stole customer contact information from a third-party platform supporting its North American customer service, but no sensitive financial data was compromised. The breach is linked to the ShinyHunters group, which claims to have stolen over 18 million Salesforce records from Stellantis and others, utilizing OAuth tokens to access sensitive information. This incident is part of a broader wave of Salesforce data breaches affecting multiple high-profile companies, with attackers leveraging Salesforce environment vulnerabilities to steal data and extort victims. The FBI issued a warning about such breaches, with ShinyHunters claiming to have…

Quick Takeaways: Rapid Security Landscape Changes: Attackers swiftly exploit vulnerabilities, making it essential for organizations to patch weaknesses immediately, as a recently closed vulnerability can become tomorrow’s breach risk. New Threats and Collaborations: The emergence of tools like the AI-powered penetration testing tool "Villager" and collaborations between hacking groups like Gamaredon and Turla highlight the dynamic nature of cyber threats. Critical Zero-Day Vulnerabilities: Google and other entities face ongoing threats from zero-day vulnerabilities, such as CVE-2025-10585 in Chrome, underscoring the urgency of timely security updates. Targeted Cyber Campaigns: Advanced persistent threats (APT) are actively leveraging social engineering and malware to…

Fast Facts: SEO Poisoning Attack: A new campaign is targeting Mac users through targeted SEO poisoning, misleading them to malicious GitHub repositories posing as legitimate software. Infostealer Deployment: The campaign includes repositories that claim to offer genuine macOS software but actually deliver the Atomic infostealer (AMOS) when users follow instructions provided on the fake pages. Wide-ranging Targets: LastPass reports that various tech and financial companies were targeted, with the campaign utilizing multiple fake GitHub accounts to create convincing listings. Mitigation Recommendations: Users are urged to download software only from official app stores and to use robust antivirus protection, along with…

Fast Facts: A third-party ransomware attack on Collins Aerospace disrupted check-in systems at major European airports, including Heathrow, Brussels, and Berlin, causing delays and cancellations. Authorities confirmed the ransomware type is identified, and investigations are ongoing; airports are advising passengers to verify flight statuses before traveling. UK and Russian airports experienced website and digital infrastructure disruptions, though operational activities like check-in continued normally at some sites. Experts warn that reliance on a few vendors increases vulnerability in aviation cybersecurity and emphasize the need for increased resilience, redundancy, and proactive threat management.

The Issue: Over the weekend, several major European airports,…

Quick Takeaways: A ransomware attack on Collins Aerospace caused widespread disruptions at key European airports, impacting check-in and boarding systems, leading to delays and cancellations. The incident affected major airports including Heathrow, Brussels, and Berlin, with some airports experiencing significant operational challenges and internal system compromises. Authorities and cybersecurity experts are investigating the attack, with indications that a known cybercrime group, possibly connected to ShinyHunters or Scattered Spider, may be responsible. Collins Aerospace is still working to restore impacted systems, and concerns remain about ongoing hacker presence within their networks, as well as exposed systems lacking adequate security measures. Problem…
