Security news.
Today's security news highlights critical patches from major vendors and ongoing exploitation campaigns. Adobe, Citrix, Apple, and Google have released significant updates addressing numerous vulnerabilities, some of which are actively exploited or carry maximum severity ratings. Meanwhile, attackers continue to target
Over 900 Oracle E-Business instances exposed to ongoing attacks
More than 900 Oracle E-Business Suite (EBS) instances are exposed online and targeted by ongoing attacks exploiting a critical security flaw.
Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities
Adobe released security patches for seven maximum-severity vulnerabilities in ColdFusion and Campaign Classic, some of which could lead to arbitrary code execution.
Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack
Citrix has urged customers to patch NetScaler after fixing six vulnerabilities, including a high-severity CitrixBleed-style information disclosure bug and a new HTTP/2 Bomb attack.
Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari
Apple released updates addressing numerous vulnerabilities in WebKit, the kernel, WebRTC, and other components affecting iPhone, iPad, Mac, and Safari users.
Massive Password Spray Campaign Targeting Azure CLI
Hackers launched over 81 million login attempts against Microsoft's Azure command-line interface (CLI) from systems linked to hosting provider LSHIY, compromising dozens of accounts.
Google Patches 382 Chrome Vulnerabilities
Google has released patches for 382 Chrome vulnerabilities, including 15 critical and 67 high-severity flaws.
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Attackers are exploiting AI models' tendency to "hallucinate" non-existent web addresses by registering these domains and hosting phishing pages on them, a technique dubbed "phantom squatting."
China-Linked Group Targets Southeast Asia Critical Systems
A China-linked threat group has compromised at least 10 organizations in Southeast Asia, including two state-owned entities, deploying a new backdoor.