Salesforce refuses extortion demand over 1 billion records breach

Salesforce has announced it will not pay a ransom demanded by a cybercrime group claiming to have stolen around 1 billion records from its customers. The group, known as Scattered LAPSUS$ Hunters, set a deadline of Friday for payment to avoid data leaks. This stance comes amid rising global ransomware incidents and expert warnings against funding criminals.

Kali Linux 2025.3 releases Gemini CLI for automated pentesting

7. Oktober 2025 Von KI berichtet

The latest Kali Linux update, version 2025.3, introduces Gemini CLI, an open-source tool that integrates Google's Gemini AI into the terminal. This innovation automates penetration testing tasks like reconnaissance and vulnerability scanning using natural language prompts. Security professionals can now streamline workflows while maintaining control over assessments.

Microsoft announces premium 365 features and security store

4. Oktober 2025 Von KI berichtet

Microsoft has unveiled Microsoft 365 Premium, a new subscription tier with advanced AI capabilities, alongside the launch of the Microsoft Security Store, an online marketplace for security solutions. These announcements aim to enhance productivity and cybersecurity for businesses. The moves come as part of Microsoft's ongoing push into AI-integrated services.

HHS announces voluntary cybersecurity goals for healthcare

The U.S. Department of Health and Human Services has released a set of voluntary cybersecurity performance goals aimed at bolstering protections in the healthcare sector. These goals address the rising tide of cyberattacks targeting patient data and critical infrastructure. Developed in collaboration with federal partners, they provide a framework for organizations to enhance their defenses.

Microsoft warns of payroll pirate scam targeting university employees

11. Oktober 2025 Von KI berichtet

Microsoft has alerted organizations to a phishing campaign dubbed 'Payroll Pirate' that compromises Workday accounts to divert employee paychecks. The scam, active since March 2025, has affected accounts at multiple universities. Attackers use sophisticated tactics to bypass multi-factor authentication and hide their changes.

CISA adds Oracle and other flaws to exploited vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added vulnerabilities from Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft Internet Explorer to its Known Exploited Vulnerabilities catalog. This action requires federal agencies to address these flaws by October 27, 2025, to mitigate risks from ongoing exploits. Among the additions is a critical Oracle vulnerability recently patched after exploitation by ransomware actors.

UK tribunal orders Apple to hand over iCloud data

4. Oktober 2025 Von KI berichtet

A UK tribunal has ruled that Apple must provide access to iCloud data for law enforcement purposes, prompting strong disapproval from the company. The decision revives concerns over encryption backdoors and user privacy in the digital age. Apple has described the order as a significant setback for data protection.

Kraftwerk in Karlskrona von Cyberangriff betroffen

4. Oktober 2025 Von KI berichtet

Ein kombiniertes Heiz- und Kraftwerk in Karlskrona, bekannt als Mältan, wurde von einem Cyberangriff heimgesucht, der den Betrieb über Nacht störte. Die Polizei untersucht den Vorfall als mutmaßliche IT-Kriminalität. Das Werk versorgt das Gebiet mit Fernwärme und Strom.

Cl0p ransomware group claims breach of Oracle E-Business Suite

3. Oktober 2025 Von KI berichtet

The Cl0p ransomware group has claimed responsibility for hacking Oracle's E-Business Suite, asserting that it stole sensitive data from companies using the application. The hackers are now notifying affected victims and demanding ransoms to prevent data leaks. Oracle has not yet confirmed the breach.

Hyperliquid user loses $21 million to hackers after private key breach

A user on the Hyperliquid platform has suffered a major cryptocurrency theft, losing $21 million following a breach of their private key. The incident highlights ongoing vulnerabilities in crypto wallet security. Blockchain analysts have traced the stolen funds through on-chain transactions.