Risk
-
Foreign intruders accessed Kansas City weapons plant IT via SharePoint flaws, source says
A source familiar with an August response says a foreign actor exploited unpatched Microsoft SharePoint flaws to access the Kansas City National Security Campus IT network. Investigations are ongoing, attribution is disputed between Chinese-linked groups and possible Russian actors, and experts warn the incident highlights gaps between IT and operational technology security.
-
Europol: SIMCARTEL takedown leads to seven arrests, thousands of SIM cards seized
European authorities dismantled a network called SIMCARTEL that used SIM boxes to facilitate phishing and other frauds, seizing thousands of SIM cards, making seven arrests and tracing the operation to millions of created accounts, officials said.
-
Researchers disclose critical WatchGuard Fireware IKEv2 vulnerability allowing unauthenticated code execution
Researchers and vendor advisories describe a critical out‑of‑bounds write in WatchGuard Fireware’s IKEv2 handling that can be exploited pre‑authentication to achieve remote code execution; patches are available.
-
Microsoft revokes more than 200 certificates used in fake Teams ransomware campaign
Microsoft said it revoked over 200 code-signing certificates used by a group tracked as Vanilla Tempest to sign fake Microsoft Teams installers that delivered the Oyster backdoor and Rhysida ransomware; the company said it detected the activity in late September 2025 and has updated protections to flag the malicious signatures.
-
German authorities seize 1,406 fraudulent crypto trading domains in Operation Heracles
German authorities seized 1,406 fraudulent cryptocurrency trading domains on Oct. 3, 2025 under Operation Heracles, BaFin said, recording about 866,000 access attempts in ten days and warning that professional-looking sites, call centres and possibly AI were used to target German-speaking victims.
-
CISA adds Adobe AEM flaw to Known Exploited Vulnerabilities list
CISA added CVE-2025-54253, a critical Adobe Experience Manager Forms misconfiguration that can allow remote code execution, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; Adobe has released a patch and federal agencies were told to apply fixes by Nov. 5, 2025.
-
Analysis says Unitree G1 humanoid robot can be used for espionage and cyber attacks
Alias Robotics says its analysis found Unitree G1 humanoid robots can be taken over via a Bluetooth provisioning flaw, use weak, shared encryption for configuration files, and continuously transmit sensor and telemetry data to servers in China, creating risks for covert surveillance and network attacks.










