Tag: patching
-
The Register: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried
Source URL: https://www.theregister.com/2025/10/06/microsoft_blames_medusa_ransomware_affiliates/ Source: The Register Title: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried Feedly Summary: You can’t find anything bad if you don’t look, right? Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra’s GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence.……
-
Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…
-
The Register: Clop crew hits Oracle E-Business Suite users with fresh zero-day
Source URL: https://www.theregister.com/2025/10/06/clop_oracle_ebs_zeroday/ Source: The Register Title: Clop crew hits Oracle E-Business Suite users with fresh zero-day Feedly Summary: Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that…
-
The Register: Oracle tells Clop-targeted EBS users to apply July patch, problem solved
Source URL: https://www.theregister.com/2025/10/03/oracle_ebs_clop_extortion/ Source: The Register Title: Oracle tells Clop-targeted EBS users to apply July patch, problem solved Feedly Summary: Researchers suggest internet-facing portals are exposing ‘thousands’ of orgs Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems.……
-
Schneier on Security: Daniel Miessler on the AI Attack/Defense Balance
Source URL: https://www.schneier.com/blog/archives/2025/10/daniel-miessler-on-the-ai-attack-defense-balance.html Source: Schneier on Security Title: Daniel Miessler on the AI Attack/Defense Balance Feedly Summary: His conclusion: Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or,…
-
Cisco Talos Blog: Nvidia and Adobe vulnerabilities
Source URL: https://blog.talosintelligence.com/nvidia-and-adobe-vulnerabilities/ Source: Cisco Talos Blog Title: Nvidia and Adobe vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort…
-
Unit 42: TOTOLINK X6000R: Three New Vulnerabilities Uncovered
Source URL: https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/ Source: Unit 42 Title: TOTOLINK X6000R: Three New Vulnerabilities Uncovered Feedly Summary: Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We discuss root cause and impact. The post TOTOLINK X6000R: Three New Vulnerabilities Uncovered appeared first on Unit 42. AI Summary and Description: Yes Summary: The text highlights newly…