Introduction: what happened Gladinet has released security updates for its CentreStack file-sharing platform (and Triofox) to fix an actively exploited local file inclusion (LFI) vulnerability tracked as CVE-2025-11371. Attackers were abusing this flaw in the wild to read Web.config, recover…
Introduction: what happened at Prosper Prosper—one of the earliest U.S. peer-to-peer lending platforms—disclosed a cybersecurity incident identified on September 1, 2025. Subsequent reporting and regulator disclosures indicate an unauthorized party accessed systems holding proprietary and confidential information. Have I Been…
Introduction: what’s the problem? CISA has added CVE-2025-54253—a maximum-severity (CVSS 10.0) flaw in Adobe Experience Manager (AEM) Forms on JEE—to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation. Adobe fixed the issue with an out-of-band update in early August…
Introduction: the problem and definition Google’s Threat Intelligence Group (GTIG) reports that a North Korea–linked threat cluster tracked as UNC5342 has adopted “EtherHiding”—a technique that stores malicious code and control data inside smart contracts on public blockchains (notably Ethereum and…
Introduction: What happened and why it matters Harvard University has confirmed it was affected by a broader cyber campaign exploiting a zero-day in Oracle’s E-Business Suite (EBS). The CL0P extortion group claims to have exfiltrated ~1.3 TB of Harvard data…
Introduction: what happened and why it matters The UK Information Commissioner’s Office (ICO) has fined outsourcing giant Capita a combined £14 million for “failing to ensure the security of personal data” during a March 2023 cyberattack later claimed by the…
Introduction — what happened and why it matters Microsoft’s October 2025 Patch Tuesday is one of the year’s largest. Depending on how vendors count (Microsoft-only vs. including non-Microsoft and Edge/Chromium items), the release addresses roughly 172 to 193 vulnerabilities and…