InfoSec News 20251017
Top News
- Microsoft fixes highest-severity ASP.NET Core flaw ever
  This HTTP request smuggling bug (CVE-2025-55315) was found in the Kestrel ASP.NET Core web server, and it enables authenticated attackers to smuggle another HTTP request to hijack other users' credentials or bypass front-end security controls.
  TLP¹: Green
- Over 266,000 F5 BIG-IP instances exposed to remote attacks
  Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week.
  TLP¹: Green
- Regional airline Envoy Air confirms Oracle E-Business Suite compromise
  The regional American airline Envoy Air on Friday became the second company to confirm that information was stolen by hackers who breached their Oracle E-Business Suite application.
  TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack
  China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage.
  TLP¹: Green
- Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
  Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware.
  TLP¹: Green
- Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
  In the Netherlands, three 17-year-olds are suspected of providing services to a foreign power, with one said to be in contact with an unnamed Russian-government-affiliated hacker group. It was also confirmed that the suspect with links to the Russian hacking group instructed the other two to map Wi-Fi networks in The Hague on multiple occasions.
  TLP¹: Green
Breaches: Data Breaches and Hacks
- Prosper disclosed a data breach impacting 17.6 million accounts
  Threat actors stole personal data, including names, IDs, and financial details, from Prosper, affecting over 17M users.
  TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- A critical WatchGuard Fireware flaw could allow unauthenticated code execution
  A critical WatchGuard Fireware vulnerability, tracked as CVE-2025-9242, could allow unauthenticated code execution.
  TLP¹: Green
- Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
  Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems. The security issue leveraged in the attacks affects the Simple Network Management Protocol (SNMP) in Cisco IOS and IOS XE and leads to RCE if the attacker has root privileges.
  TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Picus Security uses AI to turn threat intelligence into attack simulations
  Picus Security launched new AI-powered breach and attack simulation (BAS) capabilities within the Picus Security Validation Platform. This introduces a new level of speed and intelligence, enabling security teams to create and simulate complex attack scenarios, validate the effectiveness of their defenses and prioritize actions that reduce real-world risk.
  TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
  The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset.
  TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
  - Red: Not for disclosure, restricted to participants only.
  - Amber: Limited disclosure, restricted to participants' organizations.
  - Green: Limited disclosure, restricted to the community.