As October 2025 closes, Sonrai’s latest analysis of new AWS permissions reveals a continued trend: incremental privilege changes with outsized impact. This month’s additions span OpenSearch Ingestion, Aurora DSQL, QuickSight, Parallel Computing Service, ARC Region Switch, and RTB Fabric, touching…
Tag: EN
Oct Recap: New and Newly Deniable GCP Privileged Permissions
As October 2025 wraps up, Sonrai’s latest analysis of Google Cloud Platform permissions reveals both newly introduced privileged actions and those that have become newly enforceable through the V2 API, meaning organizations can now explicitly deny their use. This month’s…
European authorities dismantle €600 million crypto scam network
Nine people have been arrested in a coordinated international operation targeting a large cryptocurrency money laundering network that defrauded victims of more than €600 million. The operation was led by Eurojust, the EU’s judicial cooperation agency, which brought together investigators…
China-Linked Hackers Target Cisco Firewalls in Global Campaign
New reports show China-based hackers are targeting US federal, state, and global government networks via unpatched Cisco firewalls. Get the full details and necessary steps to secure devices. This article has been indexed from Hackread – Cybersecurity News, Data Breaches,…
Former Cyber-Security Employees Accused Of Hacks
Three former employees of two cyber-security firms accused of carrying out ransomware attacks on multiple companies in their spare time This article has been indexed from Silicon UK Read the original article: Former Cyber-Security Employees Accused Of Hacks
Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail
The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform, which emerged in August 2023, has become a formidable adversary against organizational security, employing advanced evasion techniques and adversary-in-the-middle (AiTM)…
Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network
An ongoing malicious advertising campaign is weaponizing legitimate software downloads to deploy OysterLoader malware, previously identified as Broomstick and CleanUpLoader. This sophisticated initial access tool enables cybercriminals to establish footholds in corporate networks, ultimately serving as a delivery mechanism for…
Critical Android 0-Click Vulnerability in System Component Allows Remote Code Eexecution Attacks
Google has issued a critical security alert for Android devices, highlighting a severe zero-click vulnerability in the system’s core components that could allow attackers to execute malicious code remotely without any user interaction. Disclosed in the November 2025 Android Security…
Hackers Actively Scanning Internet to Exploit XWiki Remote Code Execution Vulnerability
A critical remote code execution vulnerability affecting XWiki’s SolrSearch component has become the target of widespread exploitation attempts, prompting cybersecurity authorities to add it to their watchlist. The flaw allows attackers with minimal guest privileges to execute arbitrary commands on…
Zscaler Acquires AI Security Company SPLX
SPLX red teaming, asset management, and threat inspection technology will enable Zscaler to expand its Zero Trust Exchange platform. The post Zscaler Acquires AI Security Company SPLX appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft Receives US Permit To Send Nvidia Chips To UAE
Microsoft receives permit to send advanced Nvidia AI accelerator chips to United Arab Emirates as US battles China influence This article has been indexed from Silicon UK Read the original article: Microsoft Receives US Permit To Send Nvidia Chips To…
Microsoft Plans to Remove Entra Accounts from Authenticator on Jailbroken Devices
Microsoft is rolling out a significant security enhancement for its Authenticator app starting February 2026, introducing jailbreak and root detection capabilities that will automatically wipe Microsoft Entra credentials from compromised devices. This move represents a strategic shift toward strengthening enterprise…
Sling TV turned privacy into a game you weren’t meant to win
California has fined Sling TV for misleading privacy controls that made opting out nearly impossible. Even children’s data ended up in ad targeting. This article has been indexed from Malwarebytes Read the original article: Sling TV turned privacy into a…
DeFi Protocol Balancer Loses Over $120m in Cyber Heist
Digital thieves have got away with over $120m stolen from popular decentralized finance protocol Balancer This article has been indexed from www.infosecurity-magazine.com Read the original article: DeFi Protocol Balancer Loses Over $120m in Cyber Heist
Waymo To Expand Into Las Vegas, San Diego, Detroit
Google sister company Waymo plans autonomous taxi services in three more US cities, as it seeks to accelerate growth This article has been indexed from Silicon UK Read the original article: Waymo To Expand Into Las Vegas, San Diego, Detroit
RondoDox Botnet Swells Its Arsenal — 650% Jump in Enterprise-Focused Exploits
The cybersecurity threat landscape shifted dramatically on October 30, 2025, when security researchers monitoring honeypot infrastructure detected a significantly evolved variant of the RondoDox botnet. The updated malware now features 75 distinct exploitation vectors, a fundamental expansion that transforms the…
Android Update Patches Critical Remote Code Execution Flaw
The November 2025 Android patches resolve two vulnerabilities, both in the platform’s System component. The post Android Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Android…
OpenAI Signs Cloud Deal With Amazon Web Services
OpenAI to buy $38bn of cloud services from Amazon Web Services over seven years, as AWS deploys cutting-edge Nvidia chips This article has been indexed from Silicon UK Read the original article: OpenAI Signs Cloud Deal With Amazon Web Services
Microsoft Buys AI Compute From IREN In $9.7bn Deal
Microsoft signs five-year deal with Australian neocloud company IREN for AI compute capacity, powered by Nvidia-based Dell servers This article has been indexed from Silicon UK Read the original article: Microsoft Buys AI Compute From IREN In $9.7bn Deal
Pony.ai Expects To Raise $860m From Hong Kong IPO
Chinese autonomous driving tech firm Pony.ai sets final share price for Hong Kong secondary listing, as WeRide plans parallel offer This article has been indexed from Silicon UK Read the original article: Pony.ai Expects To Raise $860m From Hong Kong…