📣 Oracle quietly confirms public cloud data breach, customer data stolen.
https://www.techradar.com/pro/security/oracle-quietly-confirms-public-cloud-data-breach-customer-data-stolen
The attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability is tracked as CVE-2021-35587 and was assigned a critical severity score 9.8/10. It was patched in mid-January 2022, raising questions over whether Oracle kept its own servers vulnerable to a flaw it fixed more than three years ago.
CrowdStrike is investigating the incident along FBI.
https://www.techradar.com/pro/security/oracle-quietly-confirms-public-cloud-data-breach-customer-data-stolen
TechRadar
Oracle quietly confirms public cloud data breach, customer data stolen
Oracle has sent out breach notifications
■■■■■ 🔍 Google fixes two Android zero-day bugs actively exploited likely by state sponsored hackers.
https://techcrunch.com/2025/04/08/google-fixes-two-android-zero-day-bugs-actively-exploited-by-hackers/
https://source.android.com/docs/security/bulletin/2025-04-01
CVE-2024-53197
CVE-2024-53150
https://techcrunch.com/2025/04/08/google-fixes-two-android-zero-day-bugs-actively-exploited-by-hackers/
https://source.android.com/docs/security/bulletin/2025-04-01
TechCrunch
Google fixes two Android zero-day bugs actively exploited by hackers | TechCrunch
The most severe security bug can be exploited without user interaction, per Google.
■■■■■ WhatsApp flaw can let attackers run malicious code on Windows PCs.
https://www.whatsapp.com/security/advisories/2025/
https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/
https://www.whatsapp.com/security/advisories/2025/
https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/
WhatsApp.com
WhatsApp Security Advisories 2025
WhatsApp Security Advisories 2025 - List of security fixes for WhatsApp products
■■■■■ CVE-2025-29810: Microsoft has disclosed a significant security vulnerability in Active Directory Domain Services that could allow attackers to elevate their privileges to the system level, potentially gaining complete control over affected systems.
https://cybersecuritynews.com/windows-active-directory-domain-vulnerability-let-attackers-escalate-privileges/
https://cybersecuritynews.com/windows-active-directory-domain-vulnerability-let-attackers-escalate-privileges/
Cyber Security News
Windows Active Directory Domain Vulnerability Let Attackers Escalate Privileges
Microsoft has disclosed a significant security vulnerability in Active Directory Domain Services that could allow attackers to elevate their privileges to the system level, potentially gaining complete control over affected systems. The vulnerability tracked…
Forwarded from The Hacker News
🚨 Europol's Operation Endgame just busted 5+ SmokeLoader customers linked to ransomware, spyware, and crypto theft.
Meanwhile, new malware loaders like ModiLoader, GootLoader, and FakeUpdates are hitting users with phishing, fake installs, and drive-by attacks.
🔗 Full story: https://thehackernews.com/2025/04/europol-arrests-five-smokeloader.html
Meanwhile, new malware loaders like ModiLoader, GootLoader, and FakeUpdates are hitting users with phishing, fake installs, and drive-by attacks.
🔗 Full story: https://thehackernews.com/2025/04/europol-arrests-five-smokeloader.html
Forwarded from The Hacker News
🔥 Gamaredon (aka Shuckworm) hit a Western military mission in Ukraine with a new, stealthier GammaSteel malware, Symantec warns.
📂 Infected USBs → Hidden shortcut traps → Live exfil via Telegram & Telegraph.
🔗 Full story: https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html
📂 Infected USBs → Hidden shortcut traps → Live exfil via Telegram & Telegraph.
🔗 Full story: https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html
Forwarded from The Hacker News
🎲 53% of #DevSecOps teams are gambling with open source security.
New 2025 report from ActiveState reveals:
→ Risky workflows
→ Sluggish MTTD/MTTR
→ Traditional tools are failing fast
Ready to fix faster—without falling behind?
🔗Read now → https://thn.news/vuln-management-2025
New 2025 report from ActiveState reveals:
→ Risky workflows
→ Sluggish MTTD/MTTR
→ Traditional tools are failing fast
Ready to fix faster—without falling behind?
🔗Read now → https://thn.news/vuln-management-2025
Forwarded from The Hacker News
🚨 New npm malware alert: pdf-to-office targets Atomic and Exodus wallets.
➡️ Injects malicious code to hijack crypto transfers.
➡️ Malware persists even after uninstalling.
➡️ 334+ downloads so far.
Supply chain attacks are rising.
Full report: https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html
➡️ Injects malicious code to hijack crypto transfers.
➡️ Malware persists even after uninstalling.
➡️ 334+ downloads so far.
Supply chain attacks are rising.
Full report: https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html
Forwarded from The Hacker News
AI agents aren’t just "tools" anymore — they're your new workforce.
But behind every agent is a non-human identity (NHI) — and that's where real risks live.
🔒 Machine-speed attacks
🔒 Invisible backdoors (Shadow AI)
🔒 Cross-system breaches
Learn how to secure AI at the source ➔ https://thehackernews.com/2025/04/the-identities-behind-ai-agents-deep.html
But behind every agent is a non-human identity (NHI) — and that's where real risks live.
🔒 Machine-speed attacks
🔒 Invisible backdoors (Shadow AI)
🔒 Cross-system breaches
Learn how to secure AI at the source ➔ https://thehackernews.com/2025/04/the-identities-behind-ai-agents-deep.html
Forwarded from The Hacker News
CTM360 just uncovered 16,000+ malicious Android URLs tied to the evolving PlayPraetor campaign.
🛡️ 5 new variants (Phish, RAT, PWA, Phantom, Veil) now target banking, tech, and energy users globally.
The threat is expanding fast.
Read the full report: https://thehackernews.com/2025/04/playpraetor-reloaded-ctm360-uncovers.html
🛡️ 5 new variants (Phish, RAT, PWA, Phantom, Veil) now target banking, tech, and energy users globally.
The threat is expanding fast.
Read the full report: https://thehackernews.com/2025/04/playpraetor-reloaded-ctm360-uncovers.html
Forwarded from Gizchina.com
Next-Gen Chinese Phones To Feature 7,000 mAh Batteries or More
https://www.gizchina.com/2025/04/10/next-gen-chinese-phones-to-feature-7000-mah-batteries-or-more/
https://www.gizchina.com/2025/04/10/next-gen-chinese-phones-to-feature-7000-mah-batteries-or-more/
Forwarded from The Hacker News
🚨 NVIDIA’s critical security fix failed!
NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359).
👀 Admins: Threat actors are watching...
✅ Patch now
✅ Audit your containers
✅ Lock down Docker APIs
Full report ➔ https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html
NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359).
👀 Admins: Threat actors are watching...
✅ Patch now
✅ Audit your containers
✅ Lock down Docker APIs
Full report ➔ https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html
Forwarded from #TBOT: Take Back Our Tech
Media is too big
VIEW IN TELEGRAM
⚡️Web Browsers You Should Be Using
@takebackourtech
Not all web browsers invade your privacy—some are built to protect it. If you’re serious about digital freedom, consider switching to Ungoogled Chromium or Iron Fox, two browsers that strip out tracking while keeping the web functional.
But a private browser alone isn’t enough. Adding uBlock Origin blocks invasive ads and trackers, while Cookie AutoDelete ensures websites don’t store unnecessary data about you.
Get the full breakdown in our Web Browsing for Privacy Lovers webinar.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech
@takebackourtech
Not all web browsers invade your privacy—some are built to protect it. If you’re serious about digital freedom, consider switching to Ungoogled Chromium or Iron Fox, two browsers that strip out tracking while keeping the web functional.
But a private browser alone isn’t enough. Adding uBlock Origin blocks invasive ads and trackers, while Cookie AutoDelete ensures websites don’t store unnecessary data about you.
Get the full breakdown in our Web Browsing for Privacy Lovers webinar.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech