thecyberexpress

Hacktivist ICS Attacks Target Canadian Critical Infrastructure

Canadian cybersecurity officials are warning that hacktivists are increasingly targeting critical infrastructure in the country. In an October 29 alert, the Canadian Centre for Cyber Security ...
thecyberexpress

Caller ID Spoofing Is a Big Problem. Europol Wants Solutions.

Caller ID spoofing causes nearly $1 billion (EUR 850 million) in financial losses from fraud and scams each year, according to a new Europol position paper that calls for technical and regulatory ...
thecyberexpress

SessionReaper Exploits Erupt as Magento Sites Lag on Patching

Six weeks after Adobe shipped an emergency fix, attackers have begun weaponizing SessionReaper — and most Magento stores still stand exposed. Security firm Sansec’s forensics team said it blocked ...
thecyberexpress

F5 Reveals Nation-State Breach as CISA Orders Agencies to Secure F5 Environments

Security and application delivery vendor F5 revealed today in an SEC filing that a nation-state threat actor had “long-term, persistent access” to some of the company’s most critical environments. The ...
thecyberexpress

Asahi Group Cyberattack Forces Delay in Financial Reporting

Japanese beverage and food giant Asahi Group Holdings has confirmed that a ransomware attack has disrupted its operations and may have led to a leak of personal and financial data. The Asahi Group ...
thecyberexpress

Patch Tuesday October 2025: Three Zero-days Under Attack

Microsoft’s Patch Tuesday October 2025 included fixes for 175 vulnerabilities, including three exploited zero-days and 13 additional high-risk vulnerabilities. The three zero-days under attack were ...
thecyberexpress

Oracle Patches New E-Business Suite Flaw as CL0P Claims Harvard as Victim

Oracle rushed out a patch over the weekend for a new E-Business Suite vulnerability that can be exploited remotely without authentication. The vulnerability – CVE-2025-61884 – carries a 7.5 ...
thecyberexpress

New Polymorphic Malware Undetected by Security Tools

A new polymorphic malware identified by a security researcher earlier this week remains undetected by most security tools. Xavier Mertens wrote about the malware in a SANS blog post on October 8. At ...
thecyberexpress

‘Payroll Pirate’ Attacks Target U.S. Universities, Diverting Employee Salaries

Microsoft Threat Intelligence has revealed a spate of financially motivated cyberattacks against universities across the United States. The threat actor, known as Storm-2657, is exploiting weak ...
thecyberexpress

Senators Peters and Rounds Introduce Bipartisan Bill to Restore Cybersecurity Protections

In a renewed push to safeguard America’s digital infrastructure, U.S. Senators Gary Peters (D-MI) and Mike Rounds (R-SD) have introduced the Protecting America from Cyber Threats Act — a bipartisan ...
thecyberexpress

Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000

Google’s new AI VRP offers up to $30,000 for finding security flaws in tools like Gemini. Report vulnerabilities, not content issues, for top rewards.
thecyberexpress

Western Sydney University Targeted in Widespread Email Scam Causing Student Distress

Western Sydney University has recently fallen victim to a scam involving fraudulent emails sent to current students and alumni. These emails falsely claimed that recipients’ degrees had been revoked ...