Latest Cybersecurity News & Insights


From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

10 October 2025
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

10 October 2025
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

10 October 2025
Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations. The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek.

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

10 October 2025
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of

Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

09 October 2025
The company said there is no evidence that confidential client data was stolen from its systems. The post Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day appeared first on SecurityWeek.

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

09 October 2025
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects Service Finder Bookings, a WordPress plugin bundled with the

Virtual Event Today: Zero Trust & Identity Strategies Summit

08 October 2025
Join the virtual event as we dive into the world of digital identity management and the role of zero-trust principles and associated technologies. The post Virtual Event Today: Zero Trust & Identity Strategies Summit appeared first on SecurityWeek.

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

08 October 2025
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can

No Time to Waste: Embedding AI to Cut Noise and Reduce Risk

08 October 2025
Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources. The irony is that while AI has become a

Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching

08 October 2025
Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks. The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them

07 October 2025
Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The work adds to the company's ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive and

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks

07 October 2025
The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek.

The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn

07 October 2025
The Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices. The post The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn appeared first on SecurityWeek.

13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely

07 October 2025
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,

Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation

07 October 2025
Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek.

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

07 October 2025
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

07 October 2025
CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The activity involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that facilitates

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk

06 October 2025
The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. The post Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk appeared first on SecurityWeek.

$4.5 Million Offered in New Cloud Hacking Competition

06 October 2025
Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition. The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek.

Active exploitation of vulnerability affecting Oracle E-Business Suite

06 October 2025
The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-61882) affecting Oracle E-Business Suite.