Cybersecurity News | CyberSecured 24x7

22 Oct

Canada Fines Cybercrime Friendly Cryptomus $176M

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there. On October 16, the Financial…

21 Oct

CISA Releases 10 Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released 10 Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-294-01 Rockwell Automation 1783-NATR ICSA-25-294-02 Rockwell Automation Compact GuardLogix 5370 ICSA-25-294-03 Siemens SIMATIC S7-1200 CPU V1/V2 Devices ICSA-25-294-04 Siemens RUGGEDCOM ROS Devices ICSA-25-294-05 CloudEdge Online Cameras and App ICSA-25-294-06 Raisecomm RAX701-GC Series ICSMA-25-294-01 Oxford Nanopore Technologies MinKNOW ICSA-25-035-07 Schneider Electric Pro-Face GP-Pro EX and Remote HMI (Update A) ICSA-24-354-07 Schneider Electric Modicon Controllers…

17 Oct

Email Bombs Exploit Lax Authentication in Zendesk

Information, Insights

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different…

16 Oct

AISLE Emerges From Stealth With AI-Based Reasoning System to Remediate Vulnerabilities on the Fly

Information, News

AISLE has emerged from stealth with a new AI-based cyber reasoning system (CRS). The term CRS originates from DARPA’s Cyber Grand Challenge, held in 2016 and designed for research into systems able to detect, exploit, and patch software vulnerabilities in real time. Since that Challenge, AI-driven software has become mainstream, and AISLE’s new CRS is described as an “AI-native cyber reasoning system that autonomously identifies, triages and remediates with verification both known and zero-day application…

15 Oct

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

Attacks, Insights, Malware

Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5. A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability information, which provides the actor with a technical advantage…

14 Oct

Patch Tuesday, October 2025 ‘End of 10’ Edition

Information, Insights

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you’re running a Windows 10 PC and you’re unable or unwilling to migrate to Windows 11, read on for other options. The first zero-day bug addressed this month…

10 Oct

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

Information, Insights

The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of…

10 Oct

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Information, News

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. Here are this…

10 Oct

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign

Information, News

Three exploitation campaigns targeting Cisco and Palo Alto Networks firewalls and Fortinet VPNs originate from IPs on the same subnets, GreyNoise has discovered. The threat intelligence firm initially warned of scanning attempts targeting Cisco ASA devices in early September, roughly three weeks before Cisco disclosed two zero-day vulnerabilities impacting Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The bugs, tracked as CVE-2025-20333 (CVSS score of 9.9) and CVE-2025-20362 (CVSS score…

10 Oct

Juniper Networks Patches Critical Junos Space Vulnerabilities

Information, News

Juniper Networks has announced patches for nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical-severity flaws affecting Junos Space. More than 200 security defects were resolved in Junos Space and Junos Space Security Director, Juniper’s October 2025 security advisories, published as part of the company’s predefined quarterly schedule, reveal. Junos Space version 24.1R4 was rolled out with fixes for 24 cross-site scripting (XSS) issues, including a critical-severity bug (CVE-2025-59978, CVSS…

CyberSecurity Updates

Canada Fines Cybercrime Friendly Cryptomus $176M

CISA Releases 10 Industrial Control Systems Advisories

Email Bombs Exploit Lax Authentication in Zendesk

AISLE Emerges From Stealth With AI-Based Reasoning System to Remediate Vulnerabilities on the Fly

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

Patch Tuesday, October 2025 ‘End of 10’ Edition

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign

Juniper Networks Patches Critical Junos Space Vulnerabilities

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources