News
-
Dentsu says Merkle subsidiary suffered data breach exposing staff and client information
Dentsu disclosed that U.S. subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data, systems were taken offline, data were stolen and impacted individuals are being notified while an investigation continues.
-
High-severity cache-poisoning vulnerability in BIND 9; patches issued after PoC published
CVE-2025-40778 is a high-severity cache-poisoning vulnerability in BIND 9 that can allow remote attackers to inject forged DNS records. Proof-of-concept code is public and fixed versions are available; administrators are urged to apply patches immediately.
-
CISA says two Dassault DELMIA Apriso flaws are being actively exploited
CISA warned that two vulnerabilities in Dassault Systèmes’ DELMIA Apriso are being actively exploited. The flaws, CVE-2025-6205 and CVE-2025-6204, were patched by the vendor in August and have been added to CISA’s KEV catalog; U.S. federal agencies must remediate under BOD 22-01 by Nov. 18.
-
Google denies reports that 183 million Gmail accounts were breached
Google said reports that 183 million Gmail accounts were breached are false; the dataset cited appears to be an aggregation of infostealer-sourced credentials shared with Have I Been Pwned, and users are advised to enable two-step verification, use passkeys and change exposed passwords.
-
SideWinder adopts ClickOnce-based infection chain in South Asia espionage campaign
Researchers say the SideWinder group used a new ClickOnce‑based infection chain alongside Word exploits in spear‑phishing waves from March to September 2025 to deliver ModuleInstaller and the StealerBot implant against diplomatic and government targets in South Asia.
-
QNAP: Windows NetBak PC Agent affected by critical ASP.NET Core flaw
QNAP warned that its NetBak PC Agent for Windows is impacted by CVE-2025-55315, a critical ASP.NET Core vulnerability in the Kestrel web server that can enable credential hijacking or request-smuggling attacks, and urged users to reinstall the agent or install the latest ASP.NET Core runtime.
-
Kaspersky links Chrome zero-day campaign to Italian spyware firm Memento Labs
Kaspersky detailed Operation ForumTroll, a campaign that used a Chrome sandbox escape (CVE-2025-2783) to deliver modular spyware LeetAgent and a second implant called Dante, which researchers attribute with high confidence to Memento Labs, a firm formed from assets of the former Hacking Team.
-
Researchers warn ‘CoPhish’ uses Microsoft Copilot Studio agents to harvest OAuth tokens
Datadog Security Labs disclosed “CoPhish,” a phishing method that uses Microsoft Copilot Studio agents and legitimate Microsoft-hosted demo pages to deliver fraudulent OAuth consent flows and harvest session tokens; Microsoft says it will address the issue in a future update and both vendors recommend tightening admin privileges and consent policies.
-
Qilin ransomware deployed Linux payload on Windows using BYOVD and legitimate IT tools, researchers say
Researchers report that the Qilin ransomware group has been highly active through 2025, using leaked credentials, credential-harvesting tools and legitimate remote-management software to deploy a Linux ransomware binary on Windows systems while employing BYOVD and targeting backup infrastructure.
-
Mass attacks exploit outdated GutenKit and Hunk Companion WordPress plugins
A mass exploitation campaign is targeting WordPress sites running outdated GutenKit and Hunk Companion plugins, leveraging three critical vulnerabilities that can lead to remote code execution; Wordfence said it blocked 8.7 million attack attempts over two days and urged administrators to update plugins and check for indicators of compromise.
