TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code.
The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks.
The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware," the Microsoft Threat Intelligence team said in a post shared on X.
The tech
Beware the Hidden Costs of Pen Testing
https://thehackernews.com/2025/10/beware-hidden-costs-of-pen-testing.html
Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results.
The benefits of pen testing are clear. By empowering “white hat” hackers to attempt to breach your system using similar tools and techniques to
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
https://thehackernews.com/2025/10/threatsday-bulletin-15b-crypto-bust.html
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive.
Hackers don’t always break systems anymore — they use them. They hide inside trusted apps, copy real websites, and trick people into giving up control
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
https://thehackernews.com/2025/10/cisa-flags-adobe-aem-flaw-with-perfect.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution.
Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months
https://thehackernews.com/2025/10/chinese-threat-group-jewelbug-quietly.html
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group's expansion to the country beyond Southeast Asia and South America.
The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks as Jewelbug, which it said overlaps with
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
https://thehackernews.com/2025/10/f5-breach-exposes-big-ip-source-code.html
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product.
It attributed the activity to a "highly sophisticated nation-state threat actor," adding the adversary maintained long-term, persistent access to its network. The
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
https://thehackernews.com/2025/10/over-100-vs-code-extensions-exposed.html
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.
"A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,"
How Attackers Bypass Synced Passkeys
https://thehackernews.com/2025/10/how-attackers-bypass-synced-passkeys.html
TLDR
Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys.
Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure.
Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html
Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program.
Of the 183 vulnerabilities, eight of them are non-Microsoft
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
https://thehackernews.com/2025/10/two-cvss-100-bugs-in-red-lion-rtus.html
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges.
The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system.
"The vulnerabilities affect Red Lion SixTRAK and VersaTRAK
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution.
The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization.
"Due to a deserialization vulnerability in SAP NetWeaver, an
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.
The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains.
"TA585 is notable because it
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.html
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.
"Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, 'serviceaccount,'" eSentire said in a technical report published
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
https://thehackernews.com/2025/10/new-oracle-e-business-suite-bug-could.html
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data.
The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14.
"Easily exploitable vulnerability allows an unauthenticated attacker with
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
https://thehackernews.com/2025/10/experts-warn-of-widespread-sonicwall.html
Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments.
"Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing."
A significant chunk of
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
https://thehackernews.com/2025/10/hackers-turn-velociraptor-dfir-tool.html
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware.
The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
https://thehackernews.com/2025/10/stealit-malware-abuses-nodejs-single.html
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads.
According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It's assessed that the malware is being propagated through
