The Hacker News

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike links Oracle EBS CVE-2025-61882 (CVSS 9.8) to Cl0p with moderate confidence; CISA adds to KEV, patch by Oct 27, ...

Protect yourself from sneaky web injection scams

Online banking users face a new threat: web injection scams that overlay fake pop-ups to steal logins. Here’s how to spot ...

CommetJacking attack tricks Comet browser into stealing emails

A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that ...
The Hacker News

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is ...
CSO Online

Gemini Trifecta: AI autonomy without guardrails opens new attack surface

Three vulnerabilities in Google’s Gemini AI tools exposed risks in Cloud Assist, Search, and Browsing — allowing prompt ...

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in ...
SecurityWeek

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks

Oracle E-Business Suite attack confirmed to be the work of Cl0p and Oracle has admitted that a zero-day has been exploited.
Infosecurity Magazine

Gemini Trifecta Highlights Dangers of Indirect Prompt Injection

The first indirect prompt injection vulnerability affects Gemini Cloud Assist: a tool designed to help users understand ...