Latest Cybersecurity News and Articles


Customer Service Firm 5CA Denies Responsibility for Discord Data Breach

15 October 2025
After being named by Discord as the third-party responsible for the breach, 5CA said none of its systems were involved. The post Customer Service Firm 5CA Denies Responsibility for Discord Data Breach appeared first on SecurityWeek.

Confirmed compromise of F5 network

15 October 2025
The NCSC is advising organisations to follow the guidance issued by F5 and to install the latest security updates.

How Attackers Bypass Synced Passkeys

15 October 2025
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong

ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact

15 October 2025
Over 20 advisories have been published by industrial giants this Patch Tuesday. The post ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact appeared first on SecurityWeek.

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

15 October 2025
Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program. Of the 183 vulnerabilities, eight of them are non-Microsoft

Capita fined £14m for data protection failings in 2023 cyber-attack

15 October 2025
Hackers stole personal information of 6.6m people but outsourcing firm did not shut device targeted for 58 hours. The outsourcing company Capita has been fined £14m for data protection failings after hackers stole the personal information of 6.6 million people, including staff details and those of its clients’ customers. John Edwards, the UK information commissioner who levied the fine, said the March 2023 data theft from the group and companies it supported, including 325 pension providers, caused anxiety and stress for those affected.

High-Severity Vulnerabilities Patched by Fortinet and Ivanti

15 October 2025
Fortinet and Ivanti have announced their October 2025 Patch Tuesday updates, which patch many vulnerabilities across their products. The post High-Severity Vulnerabilities Patched by Fortinet and Ivanti appeared first on SecurityWeek.

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

15 October 2025
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system. "The vulnerabilities affect Red Lion SixTRAK and VersaTRAK

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

15 October 2025
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

15 October 2025
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization. "Due to a deserialization vulnerability in SAP NetWeaver, an

Adobe Patches Critical Vulnerability in Connect Collaboration Suite

15 October 2025
Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio. The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek.

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws

15 October 2025
The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects. The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek.

Patch Tuesday, October 2025 ‘End of 10’ Edition

14 October 2025
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.

180,000 Records of PII and Payment Information Exposed

14 October 2025
Approximately 180,000 records containing PII and payment data were exposed. 

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

14 October 2025
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded

HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device

14 October 2025
Investors are placing bets on a hardware-based approach to data security in a market dominated by software solutions for ransomware resilience. The post HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device appeared first on SecurityWeek.

Cybereason Acquired by MSSP Giant LevelBlue

14 October 2025
This is LevelBlue’s third acquisition this year, after Trustwave and Aon’s Cybersecurity & IP Litigation Consulting groups. The post Cybereason Acquired by MSSP Giant LevelBlue appeared first on SecurityWeek.

SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM

14 October 2025
SAP has rolled out additional protections for insecure deserialization bugs resolved in NetWeaver AS Java recently. The post SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM appeared first on SecurityWeek.

Fraud Prevention Firm Resistant AI Raises $25 Million

14 October 2025
Resistant AI will use the funding to expand its fraud detection and transaction monitoring offerings to new markets. The post Fraud Prevention Firm Resistant AI Raises $25 Million appeared first on SecurityWeek.

Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack

14 October 2025
Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website. The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.