A critical security flaw (CVE-2025-27237) in Zabbix Agent and Agent 2 for Windows lets attackers with local access escalate privileges through DLL injection attacks. The vulnerability, scored 7.3 (High), affects versions 6.0.0-6.0.40, 7.0.0-7.0.17, 7.2.0-7.2.11, and 7.4.0-7.4.1.

The issue stems from improper handling of OpenSSL configuration files, where low-privileged users can modify the config path to inject malicious DLLs. When the agent restarts, it loads the malicious code with elevated system privileges.

Zabbix has released patches (versions 6.0.41, 7.0.18, 7.2.12, and 7.4.2) that fix the access controls. System administrators should update immediately, as no workarounds exist for this widespread enterprise monitoring solution vulnerability.

Source: Cyber Security News

UK schools are facing a cyber security crisis, with 60% of secondary schools suffering attacks or breaches in the past year, according to new government data. The numbers are even worse for colleges (80%) and universities (90%), compared to just 40% of private businesses.

Phishing emails targeting passwords are the most common attack method. Recent ransomware hits include West Lothian council's education network and several universities like Newcastle and Manchester. Experts say schools aren't deliberately targeted but get "caught up in the dragnet" of opportunistic cybercrime.

Funding pressures leave state schools particularly vulnerable, while universities face risks from thousands of students who may lack cyber awareness. The government is considering banning ransomware payments for public institutions.

Source: The Guardian

Security researchers at LayerX discovered a dangerous vulnerability called "CometJacking" that weaponizes Perplexity's AI-powered Comet browser against users. The attack works through a single malicious URL that tricks the browser's AI assistant into stealing personal data from connected services like Gmail and Google Calendar.

Unlike traditional browser attacks, CometJacking exploits the trust relationship between users and their AI assistants. When someone clicks the malicious link, hidden commands in the URL instruct the AI to access user memory and encode stolen data using base64 before sending it to attacker-controlled servers.

Researchers successfully demonstrated email theft and calendar harvesting during testing. LayerX reported the vulnerability to Perplexity in August 2025, but the company initially dismissed it as having "no security impact."

Source: Cybersecurity News

A Chinese cybercrime group called UAT-8099 is hijacking web servers at universities, tech companies, and telecom providers worldwide to run a sophisticated dual-purpose operation. The hackers exploit vulnerable Internet Information Services (IIS) servers, then install "BadIIS" malware that floods search engines with gambling-related spam terms while redirecting unsuspecting users to illegal gambling sites.

The attack is particularly clever because legitimate visitors see nothing unusual, making it nearly invisible to website owners. Meanwhile, the hackers steal sensitive data including credentials and certificates for future attacks or dark web sales.

Victims span multiple countries including Brazil, Canada, India, Thailand, and Vietnam. Security experts warn that the same vulnerabilities could be exploited for more damaging attacks like credential theft or website defacement.

Source: Dark Reading

Japan's most popular beer brand Asahi could run out within hours after a cyber attack on Monday shut down dozens of factories nationwide. The breach disabled ordering and delivery systems, forcing supermarkets and izakayas (Japanese pubs) to face potential shortages.

One wholesaler expects to exhaust beer kegs by Saturday, while Tokyo izakaya owner Akira Kudo already can't get one of his regular Asahi brands. The company suspended launches of new products including soft drinks and coffee.

Asahi executives are working with police to investigate possible ransomware, stressing no customer data leaked. With Japanese consumers drinking 34.5 liters of beer annually and Asahi commanding fierce loyalty, retailers fear panic buying as they consider stocking alternative brands.

Source: Sky News

Oracle confirmed that customers using its E-Business Suite software have received extortion emails claiming sensitive data theft. The company's investigation suggests attackers exploited known vulnerabilities that were patched in Oracle's July 2025 Critical Patch Update, which fixed around 200 flaws.

Google Threat Intelligence and Mandiant researchers discovered the extortion campaign, with emails allegedly coming from the notorious Cl0p cybercrime group and sent from accounts linked to FIN11. While researchers haven't verified the hackers' theft claims, both groups have previously targeted enterprise software vulnerabilities.

Oracle's July update addressed nine E-Business Suite vulnerabilities, including three remotely exploitable flaws without authentication and three high-severity issues. This follows Oracle's earlier admission that hackers stole data from a legacy cloud environment.

Source: SecurityWeek

Phishing attacks are rapidly shifting from email to mobile platforms, with 41% of incidents now using multichannel tactics including SMS (smishing), voice calls (vishing), and QR codes (quishing). These mobile-first attacks bypass traditional email security defenses that enterprises spend millions on annually.

The three fastest-growing attack methods all target mobile devices directly. Smishing uses text messages disguised as trusted contacts or urgent alerts. Vishing employs spoofed phone calls from fake executives or IT departments. Quishing tricks users into scanning malicious QR codes that feel routine and safe.

While the global email security market is expected to grow from $5.17 billion to $10.68 billion by 2032, mobile security investment remains minimal. This creates a dangerous blind spot as attackers exploit the human layer where users are most distracted and vulnerable on their phones.

Source: Dark Reading

Cybercriminals calling themselves Radiant have deleted stolen data from thousands of children at UK-based Kido nurseries after facing widespread criticism from both the public and fellow hackers. The gang had demanded £600,000 in bitcoin from Kido but removed the sensitive information from their extortion website following a backlash.

Even other criminals on underground forums told Radiant to stop targeting children, with one hacker writing "reputation important, don't attack child right." The group apologized, saying "We are sorry for hurting kids" and confirmed all data on under-19s had been deleted.

Cybersecurity experts say the move wasn't kindness but damage control, as targeting children hurt the group's credibility in criminal circles.

Source: The Guardian

Cybercriminals claiming ties to the notorious Cl0p ransomware group are extorting executives at numerous companies, alleging they've stolen sensitive data from Oracle E-Business Suite systems. The campaign began around September 29, using hundreds of compromised email accounts linked to the FIN11 cybercrime gang.

Google's Threat Intelligence Group and Mandiant are investigating but can't yet verify the hackers' claims. Oracle E-Business Suite is used by thousands of organizations worldwide to manage business operations, making this a potentially massive security incident.

Both Cl0p and FIN11 have history with similar attacks, previously exploiting zero-day vulnerabilities in MOVEit, Cleo, and other file transfer tools to steal data from millions of users across thousands of companies.

Source: SecurityWeek

A Chinese state-sponsored group called 'Phantom Taurus' has been conducting sophisticated espionage operations against government and telecommunications organizations across Africa, the Middle East, and Asia for over two years. What makes this group unique is their use of unconventional tactics that differ from typical Chinese hacking methods, helping them stay under the radar.

The hackers recently deployed Net-Star, a powerful .NET malware suite that targets IIS web servers through three backdoors, including one that operates entirely in computer memory. They're particularly interested in diplomatic communications and defense intelligence, often timing their attacks around major global events. The group has successfully infiltrated email servers and databases at high-value targets like foreign ministries and embassies.

Source: Security Week