Reza Rafati
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS score of 9.8, allows remote attackers to bypass authentication and gain unauthorized access, posing a significant risk of complete system compromise to affected versions.
-
Bugcrowd Buys Mayhem Security for AI Hacking
Bugcrowd acquires Mayhem Security, an AI and cyber scaleup. This merger boosts ethical hacking with AI-powered testing. Mayhem’s AI platform offers continuous security testing. The collaboration aims to shrink attack surfaces and pre-empt risks.
-
Sanctions Hit Russia’s Bulletproof Hosting Provider
U.S., UK, and Australia sanction Russia-based Media Land for providing bulletproof hosting to ransomware groups like LockBit, BlackSuit, and Play, freezing assets and prohibiting transactions.
-
Grafana Patches Critical SCIM Flaw
Grafana has patched a critical security flaw, CVE-2025-41115, in its SCIM component. This vulnerability could lead to user impersonation or privilege escalation in affected Grafana Enterprise versions. Users are advised to update immediately.
-
France Delivers SAMP/T Air Defense to Ukraine
France to boost Ukraine’s air defense with eight advanced SAMP/T NG systems, equipped with Aster 30 Block 1 NT missiles to counter ballistic and hypersonic threats.
-
CVE-2025-8855: 2FA Bypass in Brokerage Automation
CVE-2025-8855 is a critical 2FA bypass vulnerability in Optimus Software’s Brokerage Automation platform. It combines authorization bypass, weak password recovery, and authentication bypass flaws, leading to high-severity risks and unauthorized access.
-
PhantomRaven Malware Found in 126 npm Packages, Stealing GitHub Tokens
PhantomRaven exploits npm packages to steal GitHub tokens and CI/CD secrets, Koi Security says.
-
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases
Safery is a malicious Chrome wallet extension that hides stolen Ethereum seed phrases inside Sui micro-transactions; defenders should monitor unexpected browser RPC calls and on-chain writes during wallet import.
-
Cisco RCE Vulnerability Affects Security Appliances
Cisco has identified a critical RCE vulnerability, CVE-2024-20353, affecting its Secure Web Appliance and Secure Email Gateway products. Immediate updates are urged.
-
Cisco Firepower Firewalls: Next-Gen Protection and Critical Vulnerabilities
This article examines Cisco Firepower Firewalls, detailing their next-generation protection capabilities and critical vulnerabilities. It highlights the importance of timely updates as warned by CISA for effective cybersecurity.