Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. […]
Microsoft shares workaround for Teams “couldn’t connect” error
Microsoft is resolving a known issue that causes “couldn’t connect” errors when launching the Microsoft Teams desktop and web applications. […]
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper.
But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red Canary said in
But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red Canary said in
Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product. […]
OpenAI releases $4 ChatGPT plan, but it’s not available in the US for now
OpenAI has finally announced the GPT Go subscription, which costs just $4 in the US or INR 399 in India. […]
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT.
The malicious activity involves the “distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger,” Kaspersky researcher Saurabh Sharma said in a technical analysis published today.
The
The malicious activity involves the “distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger,” Kaspersky researcher Saurabh Sharma said in a technical analysis published today.
The
Pharma firm Inotiv says ransomware attack impacted operations
American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company’s business operations. […]
Microsoft Dissects PipeMagic Modular Backdoor
PipeMagic, which poses as a ChatGPT application, is a modular malware framework that provides persistent access and flexibility.
The post Microsoft Dissects PipeMagic Modular Backdoor appeared first on SecurityWeek.
Microsoft: August security updates break Windows recovery, reset
Microsoft has confirmed that the August 2025 Windows security updates are breaking reset and recovery operations on systems running Windows 10 and older versions of Windows 11. […]
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft.
The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said.
The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said.
CVE-2025-31324 (CVSS score: 10.0) – Missing