News
-
Zimbra zero-day reportedly used to target Brazilian military, report says
A stored cross-site scripting flaw in Zimbra Collaboration (CVE-2025-27915) was exploited in attacks that targeted the Brazilian military using malicious ICS calendar files, a StrikeReady Labs report said; Zimbra issued patches in January 2025.
-
Researchers report surge in scans targeting Palo Alto Networks login portals
GreyNoise reported a roughly 500% rise in IP addresses scanning Palo Alto Networks GlobalProtect and PAN-OS profiles, peaking at over 1,285 addresses on Oct. 3; GreyNoise classed most IPs as suspicious and also flagged separate Grafana exploitation attempts tied to CVE-2021-43798.
-
Trend Micro: SORVEPOTEL self‑propagating malware spreads via WhatsApp, hits Brazil hard
Trend Micro researchers said a self‑propagating malware campaign called SORVEPOTEL is spreading via WhatsApp and email to Windows desktops, concentrating in Brazil; it propagates through malicious ZIP attachments and PowerShell, aims for rapid spread rather than data theft, and has led to mass spam and account suspensions.
-
Signal adds post‑quantum SPQR ratchet to its protocol
Signal announced the Sparse Post Quantum Ratchet (SPQR), to be combined with its Double Ratchet into a Triple Ratchet that Signal says will add post‑quantum protections while preserving forward secrecy and post‑compromise security, and will be rolled out gradually with formal verification and academic review.
-
Renault and Dacia inform UK customers of data exposure after third‑party breach
Renault and Dacia told UK customers that personal data held by a third‑party provider was taken in a cyberattack, exposing names, contact details and vehicle identifiers; Renault said banking data was not exposed and declined to name the supplier or say how many customers were affected.
-
DrayTek warns of remote code execution bug in Vigor routers
DrayTek has warned that multiple Vigor router models are affected by CVE-2025-10547, an uninitialized stack vulnerability that can lead to memory corruption and, in some cases, remote code execution; firmware updates are available and administrators are urged to apply them.
-
Confucius-linked phishing in Pakistan used WooperStealer and Anondoor, researchers say
Researchers say the Confucius hacking group targeted Pakistani users with phishing lures that delivered WooperStealer and, in later attacks, a Python backdoor called Anondoor; Fortinet and K7 Security Labs described the techniques and capabilities but did not disclose victim counts.
-
Researchers Say YoLink Smart Hub Vulnerabilities Could Let Attackers Control Locks
Researchers at Bishop Fox have disclosed multiple vulnerabilities in the YoLink Smart Hub v0382 that can bypass authorization, expose credentials over unencrypted MQTT, and allow attackers to control devices including smart locks; the manufacturer has not yet issued a patch.
-
Malicious PyPI package ‘soopsocks’ acted as SOCKS5 proxy and Windows backdoor, researchers say
Researchers say a PyPI package called soopsocks posed as a SOCKS5 proxy but included Windows backdoor capabilities, downloaded 2,653 times before removal; analysis attributes reconnaissance, privilege elevation, firewall changes and data exfiltration to a compiled executable and accompanying scripts.
-
Adobe says Analytics ingestion bug caused some customers’ data to appear in other tenants
Adobe said an ingestion bug in Analytics Edge caused some organisations’ data to appear in other customers’ analytics instances between Sept. 17 and Sept. 18, 2025; Adobe is cleaning impacted datasets and a customer advisory seen by BleepingComputer instructs deletion of affected data and backups.
