Aggregator
CVE-2024-44308 | Apple macOS on Intel Web Content Remote Code Execution (Nessus ID 211691)
CVE-2024-44308 | Apple iOS/iPadOS on Intel Web Content Remote Code Execution (Nessus ID 211691)
CVE-2024-44308 | Apple visionOS on Intel Web Content Remote Code Execution (Nessus ID 211691)
MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up
MITRE ATT&CK v18 is deprecating Defense Evasion (TA0005). Learn about the new Stealth and Impair Defenses tactics and what SOC teams need to do next.
The post MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up appeared first on D3 Security.
The post MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up appeared first on Security Boulevard.
TP-Link warns of critical command injection flaw in Omada gateways
Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit trusted governmental relationships. The campaign focuses on organizations within energy, mining, […]
The post Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT appeared first on Cyber Security News.
Defakto Raises $30.75M to Lead Non-Human Identity Space
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.
Russian Disinformation Followed Drone Incursion of Poland
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts.
Defakto Raises $30.75M to Lead Non-Human Identity Space
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.
Russian Disinformation Followed Drone Incursion of Poland
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts.
How Adaptable is Your Secrets Security Strategy?
Are You Safeguarding Non-Human Identities Effectively in Your Cloud Environment? Enterprises often ask whether their secrets security strategy is truly adaptable. Traditionally, cybersecurity has revolved around human identities, but the rise of digital transformation has cast a spotlight on Non-Human Identities (NHIs). These machine identities, comprising encrypted secrets such as tokens or keys, serve as […]
The post How Adaptable is Your Secrets Security Strategy? appeared first on Entro.
The post How Adaptable is Your Secrets Security Strategy? appeared first on Security Boulevard.
Why Banks Are Embracing Blockchain They Once Rejected
Aussie Fluid Power Hit by Cyberattack; Anubis Ransomware Group Claims Responsibility
Electronic Warfare Puts Commercial GPS Users on Notice
Oracle October 2025 Critical Patch Update Addresses 170 CVEs
Oracle addresses 170 CVEs in its final quarterly update of 2025 with 374 patches, including 40 critical updates.
BackgroundOn October 21, Oracle released its Critical Patch Update (CPU) for October 2025, the fourth and final quarterly update of the year. This CPU contains fixes for 170 unique CVEs in 374 security updates across 29 Oracle product families. Out of the 374 security updates published this quarter, 10.7% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 46.3%, followed by high severity patches at 39.0%.
This quarter’s update includes 40 critical patches across 12 CVEs.
SeverityIssues PatchedCVEsCritical4012High14657Medium17391Low1510Total374170AnalysisThis quarter, the Oracle TimesTen In-Memory Database product family contained the highest number of patches at 73, accounting for 19.5% of the total patches, followed by Oracle Spatial Studio at 64 patches, which accounted for 17.1% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
Oracle Product FamilyNumber of PatchesRemote Exploit without AuthOracle TimesTen In-Memory Database7347Oracle Spatial Studio6446Oracle Construction and Engineering3329Oracle E-Business Suite2017Oracle Insurance Applications187Oracle Java SE187Oracle JD Edwards1814Oracle Retail Applications163Oracle Secure Backup92Oracle Communications Applications96Oracle Supply Chain90Oracle Enterprise Manager85Oracle HealthCare Applications85Oracle Hyperion86Oracle MySQL88Oracle Commerce77Oracle Health Sciences Applications74Oracle Database Server62Oracle GoldenGate62Oracle Analytics53Oracle Hospitality Applications55Oracle Essbase42Oracle Communications32Oracle Financial Services Applications31Oracle Fusion Middleware33Oracle Siebel CRM32Oracle Graph Server and Client10Oracle REST Data Services10Oracle PeopleSoft11Oracle E-Business Zero-Day VulnerabilitiesAs part of its CPU release for October, Oracle noted the publication of two separate out-of-band Security Alerts for its E-Business Suite (EBS) to address two zero-day vulnerabilities, CVE-2025-61882 on October 4, and CVE-2025-61884 on October 11, that were exploited in the wild. For more information about these EBS zero-day vulnerabilities, please refer to our FAQ blog post, CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities.
SolutionCustomers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the October 2025 advisory for full details.
Identifying affected systemsA list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Get more information- Oracle Critical Patch Update Advisory - October 2025
- Oracle October 2025 Critical Patch Update Risk Matrices
- Oracle Advisory to CVE Map
Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Robocalling task force bill advances in Senate
The Foreign Robocall Elimination Act would create a new task force and give policymakers granular insight into the notoriously complex telecommunications ecosystem.
The post Robocalling task force bill advances in Senate appeared first on CyberScoop.
Sinobi
You must login to view this content