#cisco

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand

Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and aimed

A leak site from Scattered LAPSUS$ Hunters alleges Salesforce breach, with hackers claiming 1B records stolen and 39 major companies affected

Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world.

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to

Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security

Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU). "The new variant's features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the