Vulnerabilities
- CISA warns of active spyware campaigns targeting messaging app users
  CISA warned that threat actors are actively using commercial spyware and remote access trojans to compromise users of mobile messaging apps, citing multiple campaigns that used techniques such as zero‑click exploits, device‑linking QR codes and spoofed apps, and urged high‑value individuals to follow specific security guidance.
- Researchers: ClickFix variants use fake Windows Update page and steganography to deliver infostealers
  Researchers warn that ClickFix attack variants are using a full‑screen fake Windows Update page and steganography in PNG images to hide and deliver infostealer malware, with campaigns employing mshta, PowerShell, a .NET Stego Loader and in‑memory execution techniques.
- Shai‑Hulud campaign trojanises hundreds of npm packages and leaks CI/CD secrets to GitHub
  A renewed Shai‑Hulud campaign has published thousands of trojanised npm packages that steal developer and CI/CD secrets and post them to GitHub; researchers at Aikido and Wiz say the operation modified legitimate packages, used compromised maintainer accounts and is leaking secrets in automatically created GitHub repositories.
- Grafana patches CVSS 10.0 SCIM flaw that could allow impersonation
  Grafana released updates to fix CVE-2025-41115, a CVSS 10.0 vulnerability in its SCIM provisioning component that could allow privilege escalation or user impersonation when specific configuration options are enabled; affected Enterprise versions and fixed releases were listed and users are urged to apply patches.
- Almaviva confirms data theft after hacker posts 2.3TB claimed to include FS Italiane files
  A hacker has posted 2.3TB of data it says was taken from Almaviva, an IT services provider that works with FS Italiane Group; Almaviva confirmed a breach and an investigation is ongoing, while it is unclear whether passenger data or other clients are affected.
- Kaspersky flags expanding ‘Tsundere’ botnet that uses Ethereum to host C2 details
  Kaspersky researchers have identified an expanding Windows-targeting botnet called Tsundere that deploys a Node.js-based payload via MSI or PowerShell, retrieves C2 details from the Ethereum blockchain and offers a control panel and marketplace for operators; attribution remains unclear.
- D-Link warns of remote command-execution flaws in end-of-life DIR-878 routers
  D-Link has warned that multiple remotely exploitable command-execution vulnerabilities affect the end-of-life DIR-878 router; technical details and proof-of-concept code are publicly available and the company recommends replacing the device because it will not receive security updates.
- Acronis warns of ongoing ‘TamperedChef’ malvertising campaign using signed fake installers
  Acronis Threat Research Unit says operators are using signed counterfeit installers in a global malvertising campaign dubbed TamperedChef to deploy a JavaScript backdoor, with infections concentrated in the U.S. and several industries affected; some variants have been used for advertising fraud while broader motives remain unclear.