Cloud
-
China-linked Salt Typhoon exploited Citrix to target European telecom, Darktrace says
Security firm Darktrace reported that a European telecommunications organisation was targeted in July 2025 by a China-linked group known as Salt Typhoon, which exploited a Citrix NetScaler Gateway to gain access and deployed Snappybee via DLL side-loading; the activity was detected and remediated and the victim was not named.
-
Lawsuit says Deel orchestrated long-running espionage against competitor Rippling
Rippling filed a lawsuit on March 17, 2025, alleging that Deel directed a months-long corporate espionage campaign through a cultivated employee who searched Rippling systems thousands of times to capture sales, customer and recruiting information, and that top Deel executives were implicated.
-
Foreign intruders accessed Kansas City weapons plant IT via SharePoint flaws, source says
A source familiar with an August response says a foreign actor exploited unpatched Microsoft SharePoint flaws to access the Kansas City National Security Campus IT network. Investigations are ongoing, attribution is disputed between Chinese-linked groups and possible Russian actors, and experts warn the incident highlights gaps between IT and operational technology security.
-
AWS outage disrupts Amazon, Prime Video, Fortnite, Perplexity and more
An AWS outage has caused widespread service disruptions across multiple regions, affecting Amazon, Prime Video, Fortnite, Perplexity, Canva and others, with AWS reporting increased error rates and work underway to mitigate the issue.
-
ReliaQuest: Chinese-linked group converted ArcGIS server into long-term backdoor
ReliaQuest reported that a state-linked group known as Flax Typhoon modified an ArcGIS Java extension into a web shell, implanted it in backups and used it to run discovery, deploy a SoftEther-based VPN bridge and maintain access for over a year.
-
AMD issues fixes for ‘RMPocalypse’ flaw that can break SEV‑SNP protections
AMD has released fixes for a vulnerability termed RMPocalypse that researchers say can let a malicious hypervisor corrupt the Reverse Map Paging table during initialization and defeat SEV‑SNP protections; AMD has assigned CVE‑2025‑0033 and lists affected EPYC processors.
-
Unauthenticated flaw in Gladinet CentreStack and Triofox (CVE-2025-11371) exploited in the wild
Security researchers say CVE-2025-11371, an unauthenticated local file inclusion in Gladinet CentreStack and Triofox, is being exploited in the wild; Huntress recommends removing a handler from the UploadDownloadProxy Web.config as a temporary mitigation while Gladinet prepares a patch.
-
Google and Mandiant: Zero-day in Oracle E-Business Suite likely impacted dozens of organisations
Google Threat Intelligence Group and Mandiant reported that the exploitation of a zero-day in Oracle E-Business Suite likely affected dozens of organisations, using multiple vulnerabilities and post-exploitation tooling linked to Cl0p-styled extortion campaigns; investigators said Oracle has released patches and some investigative details remain unclear.
-
Microsoft: Storm-2657 Used Phishing to Redirect University Payrolls via Workday Accounts
Microsoft said a gang known as Storm-2657 has used phishing and adversary-in-the-middle links to steal MFA and compromise university Workday-linked accounts since March 2025, altering payroll configurations to redirect salary payments and spreading further phishing inside and across campuses.
-
SonicWall says unauthorized party accessed cloud firewall backup files
SonicWall said an unauthorized party accessed firewall configuration backup files stored in its cloud for all customers who used the cloud backup service; the files contain encrypted credentials and the company is urging users to check accounts and follow containment and remediation guidance.
