Multiple threat actors are actively exploiting CVE-2025-24893, a critical XWiki vulnerability discovered October 28, 2025, to deploy botnets and cryptocurrency miners on servers worldwide. CISA added it to their Known Exploited Vulnerabilities catalog just two days later on October 30.

The RondoDox botnet incorporated the flaw by November 3, causing a sharp spike in attacks. Hackers are using the vulnerability to execute malicious code through XWiki's SolrSearch endpoint, with attacks ranging from automated scanning to sophisticated reverse shell attempts from AWS IP addresses.

Organizations should immediately patch XWiki installations, monitor for unusual SolrSearch requests, and implement network segmentation to reduce exposure.

Source: Cyber Security News

Pennsylvania's Attorney General's Office is warning residents about a data breach that occurred in August, potentially exposing personal information including social security numbers. The cyber incident took down the office's website, email, and phone systems on August 9. While hackers may have accessed sensitive data, officials say there's no evidence the information has been misused yet.

Affected residents were notified Friday and offered identity protection services. The breach comes just weeks after Pennsylvania experienced a statewide 911 outage in July, though that incident was caused by technical issues, not a cyberattack.

Source: CBS News Pittsburgh

The UK government has officially ranked cyber attacks among the nation's top security threats, with the National Cyber Security Centre handling 204 significant incidents in the past year - roughly one every two days. These attacks target critical infrastructure including water, energy, healthcare, and transport systems.

The scale is staggering: 43% of UK businesses experienced cyber breaches last year, affecting over 600,000 organizations. In response, the government introduced the Cyber Security and Resilience Bill this week to strengthen defenses for essential services.

The UK's cybersecurity sector contributes £13.2 billion annually and supports 67,000 jobs. The government plans a National Cyber Strategy refresh to coordinate action across businesses, regulators, and law enforcement against increasingly sophisticated state-backed and criminal threats.

Source: Industrial Cyber

A critical vulnerability in pgAdmin4, the popular PostgreSQL management tool, allows attackers to execute remote code on servers. CVE-2025-12762 affects versions up to 9.9 and scores 9.3 out of 10 on the severity scale.

The flaw occurs when pgAdmin processes PLAIN-format dump files during database restores. Attackers can craft malicious dump files that inject commands, exploiting the tool's system-level operations. Even low-privilege users can trigger this vulnerability with minimal effort.

The pgAdmin team fixed the issue in version 10.0. Organizations should upgrade immediately, especially those running pgAdmin in server mode or handling external database dumps.

Source: Cyber Security News

The Washington Post disclosed that hackers breached its Oracle E-Business Suite system, compromising personal data of 9,720 current and former employees and contractors. The Cl0p ransomware group exploited zero-day vulnerabilities between July 10 and August 22, stealing names, Social Security numbers, bank account details, and tax IDs.

The attackers contacted the newspaper on September 29 demanding ransom. When the Post refused to pay, hackers published over 120 GB of stolen data on their leak site. The breach affects dozens of organizations including Harvard University and American Airlines subsidiary Envoy Air. Oracle didn't release patches until months after the initial July attacks began.

Source: Security Week

Personal details of 111 job applicants for a website developer position at Tate art galleries have been leaked online, exposing addresses, salaries, and referee contact information. The data, from applications submitted in October 2023, appeared on an unrelated website and includes current employers, education details, and lengthy application responses.

Computer programmer Max Kohler, 29, discovered his information in the leak after a referee was contacted by a stranger who found the data dump. The breach exposed his salary, employer details, and referee information including personal emails and addresses.

Tate says they're investigating but haven't identified any system breach. Data security incidents reported to the UK's Information Commissioner's Office have risen from 2,000 quarterly in 2022 to over 3,200 this year.

Source: The Guardian

Payment provider Checkout.com disclosed a data breach after hackers from the notorious ShinyHunters group tried to extort them. The attackers accessed a legacy third-party cloud storage system that hadn't been used since 2020 and wasn't properly decommissioned.

The breach affected internal documents and merchant onboarding materials but didn't compromise payment processing, merchant funds, or card numbers. Checkout refused to pay the ransom and instead announced they'll donate the ransom amount to Carnegie Mellon University and Oxford's Cyber Security Center for cybercrime research.

The company has launched an investigation and reported the incident to law enforcement and regulators.

Source: Security Week

Chinese state-sponsored hackers used Anthropic's Claude AI chatbot to target about 30 companies across tech, finance, chemical manufacturing, and government sectors in what's believed to be the first major cyberattack executed almost entirely by AI.

The hackers tricked Claude into believing it was a cybersecurity employee conducting defensive testing, then used it to gather usernames and passwords at thousands of requests per second—a speed impossible for human hackers. While only a small number of attacks succeeded, the September operation marks a troubling milestone in AI-powered cybercrime.

Anthropic warns that AI agents will make cyberattacks cheaper, faster, and more sophisticated as the technology becomes widely available to criminals.

Source: CBS News

The Washington Post confirmed hackers stole personal data from nearly 10,000 current and former employees and contractors through a breach of its Oracle system. The Clop ransomware group exploited a zero-day vulnerability in Oracle E-Business Suite between July 10 and August 22, accessing names, Social Security numbers, and bank account details.

Clop contacted the newspaper on September 29 demanding ransom, with some victims facing demands up to $50 million. The Washington Post joins dozens of Oracle customers targeted in this campaign, including Envoy Air and GlobalLogic. Oracle patched the vulnerability in October, but Clop has threatened to leak stolen data from nearly 30 organizations unless paid.

Source: CyberScoop

Amazon's threat intelligence team discovered that sophisticated attackers exploited two critical vulnerabilities as zero-days before vendors issued patches. The unnamed advanced persistent threat (APT) group targeted CitrixBleed 2 (CVE-2025-5777) in Citrix NetScaler systems and a maximum-severity bug (CVE-2025-20337) in Cisco Identity Service Engine for a month before disclosure.

The CitrixBleed 2 flaw allows attackers to hijack admin sessions and join any NetScaler session, while the Cisco vulnerability enables remote code execution as root. Amazon observed the same attackers hitting both systems simultaneously, deploying custom web shells designed to remain hidden in memory.

This "patch-gap" exploitation technique highlights how advanced threat actors target identity and access management infrastructure. Organizations should assume edge devices are vulnerable, implement blast radius reduction, and shift from patch-centric to exposure-centric security approaches.

Source: Dark Reading