TechNadu

⚠️ Hackers weaponize Velociraptor DFIR tool - linking to LockBit, Warlock & Babuk ransomware attacks

Researchers at Sophos & Cisco Talos traced it to Storm-2603, using SharePoint exploits and outdated Velociraptor builds for privilege escalation.

#CyberSecurity #ThreatIntel #Infosec #CyberAwareness

⚠️ SonicWall VPN compromise detected - impacting 100+ accounts across multiple networks.

Huntress warns attackers used valid credentials, some performing scanning & lateral movement, linked to Akira ransomware campaigns.

#CyberSecurity #VPN #Ransomware #Infosec #CyberAwarenes

🇦🇺 Australia’s privacy enforcement just made history.
Australian Clinical Labs (ACL) fined AU$5.8M ($3.8M USD) for a ransomware-linked data breach exposing 223K patients.
The Privacy Commissioner called it a “turning point” for the country’s digital accountability.

#CyberSecurity #DataBreach

🧩 Awareness is easy - resilience is hard.

This week’s cybersecurity headlines prove it:
AI misuse, cloud gaps, ransomware arrests, and data leaks dominate the landscape.

💬 How do you define resilience in your organization’s security posture?

#CyberSecurity #Infosec #AIsecurity #DataBreach

⚠️ Payroll Pirates on the prowl!
Storm-2657 is hijacking U.S. university payrolls via Workday accounts using phishing, MFA bypass, and stealth inbox rules.
💬 How would you secure sensitive HR SaaS accounts? Comment below & follow TechNadu for ongoing threat intelligence coverage.
#Cybersecurity

⚠️ Massive botnet alert: Over 100,000 IPs across 100+ countries are launching coordinated RDP attacks against U.S. infrastructure, per GreyNoise.

This isn’t brute-force - it’s a synchronized operation with centralized control and shared TCP fingerprints.

#Cybersecurity #Infosec #CyberAwareness

🚨 Record-breaking DDoS alert: Aisuru botnet just peaked at 29.6 Tbps, powered by infected IoT devices on major U.S. ISPs.

Experts say outbound DDoS traffic is now a bigger issue than inbound floods - and few providers are ready.
💬 Should ISPs be required to block outbound attack traffic?

#InfoSec

🚨 Threat update: 175 malicious npm packages (26k downloads) used to host redirect scripts on unpkg — part of Beamglea phishing campaign. Attackers automated package generation, embedding victim emails in hosted JS to increase phishing success.

#phishing #cybersecurity #infosec #ThreatIntel

🚨 Austria rules Microsoft broke EU law over student data
The DSB says Microsoft 365 Education violated GDPR by tracking students via cookies and denying access to their personal data.
💬 What’s your take - can Big Tech ever truly comply with EU privacy standards in education?

#Microsoft #Privacy

🚨 Texas Cyber Incident
Sugar Land, TX confirms a cyberattack impacting city services like bill pay and permits.
Critical systems (911, police, fire) remain functional.
Texas has seen repeated ransomware hits across multiple cities in 2025.

#CyberAttack #InfoSec #CyberThreat #CyberAlert

Top Cybersecurity Updates Today
💥 CL0P ransomware exploited Oracle E-Business Suite zero-day (CVE-2025-61882)-100+ orgs impacted.
⚖️ FBI seizes BreachForums, but ShinyHunters threaten Salesforce data leak Oct 10
🤖 Research shows LLMs can be poisoned by small data samples-redefining AI threat models.

Stealit Malware Abuses Node.js Single Executable Application, Disguised as Games and VPNs on  File-Sharing Sites A new Stealit malware campaign is using Node.js Single Executable Application (SEA) for distribution and advanced data theft.

Read more: www.technadu.com/stealit-malw...

How are you detecting or mitigating threats hidden in Node.js or SEA-based apps? Share your thoughts below.
#CyberSecurity #Malware #NodeJS #Stealit #RAT #ThreatIntel #TechNadu

Stealit malware abuses Node.js SEA to disguise RATs in games & VPNs. Steals browser & crypto data, allows remote access, and continuously evolves to evade defenses.

#CyberSecurity #Malware #NodeJS #Stealit #TechNadu

🚨 SpainData Leak Exposed
Spanish police arrested two minors for leaking data of PM Pedro Sánchez and ministers via Telegram.
Hacker “N4t0X” allegedly built a tool exposing millions of citizens’ details.
Cyberterrorism charges have been filed in related cases.
#CyberCrime #DataLeak #Privacy

🌱 From soil to satellite - innovation in action.

Class 12 student Sharanya Mehta built a smart irrigation system using sensors and satellite data to help farmers in Haryana save water and fuel while improving crop yield.
When empathy meets engineering, the results are remarkable.

#AgriTech #STEM

LLM Data Poisoning Risk: LLMs Can Be Poisoned by Small Samples, Research Shows New research from Anthropic reveals that a small number of malicious documents can create backdoor vulnerabilities in LLMs, posing significant AI security risks.

Full article: www.technadu.com/llm-data-poi...

How can organizations secure their AI models from poisoned training data? Share your perspective below.
#AIsecurity #LLM #Anthropic #CyberSecurity #MachineLearning #DataPoisoning #TechNadu

A small number of malicious files - just 250 - can poison large language models, introducing hidden backdoors and manipulated outputs.

Anthropic and UK AI Security Institute research warns this threat scales with model size.

#AIsecurity #LLM #Anthropic #DataPoisoning #CyberSecurity #TechNadu

FBI Seizes BreachForums as ShinyHunters Retaliate With Salesforce Extortion Threats The FBI seized BreachForums. Its administrators, ShinyHunters, confirmed the seizure but still threaten to leak Salesforce data.

Full story: www.technadu.com/fbi-seizes-b...

#CyberSecurity #DataBreach #FBI #ShinyHunters #SalesforceSecurity #InfoSec #TechNadu

The FBI has seized BreachForums, but ShinyHunters claims Salesforce extortion & data leak will continue on Oct 10, 2025. All database backups since 2023 were compromised.

#CyberSecurity #DataBreach #FBI #ShinyHunters #Salesforce #InfoSec #TechNadu

Fake VPN and Streaming App Spreads Malware Targeting Android Banking A fake VPN and IPTV app installs malware on Android, enabling remote access, targeting Android banking accounts.

Details: www.technadu.com/fake-vpn-spr...

This incident highlights the risks of unverified VPN and streaming apps. How do you verify the apps your organization or family installs on devices? Comment below.
#AndroidSecurity #CyberSecurity #Malware #BankingTrojan #VPN #MobileSecurity #TechNadu

Beware of Mobdro Pro IP TV + VPN, a fake Android app delivering the Klopatra banking Trojan. It can take full device control and steal banking credentials.

#AndroidSecurity #MobileSecurity #BankingTrojan #CyberSecurity #VPN #TechNadu

OpenVPN launches Access Server 3.0 with a modern React Admin Web UI, REST API support, SSO via SAML, MFA management, and enhanced admin tools.

More info: www.technadu.com/openvpn-upda...

#OpenVPN #VPN #CyberSecurity #ITAdmin #TechNadu

Hackers Use Fake Fortinet VPN Tool to Evade Antivirus and Install Malware Hackers use a fake Fortinet VPN compliance tool and cache smuggling to bypass antivirus protection and deliver malware undetected.

Details: www.technadu.com/hackers-use-...

Have you implemented cache monitoring for endpoint security in your organization? Share your strategies.
#CyberSecurity #Malware #Ransomware #Fortinet #TechNadu #SocialEngineering #EndpointSecurity

Hackers deploy a fake Fortinet VPN Compliance Checker to bypass antivirus and install malware using cache smuggling and hidden PowerShell commands. Ransomware groups already copying the tactic.

#CyberSecurity #Fortinet #Malware #Ransomware #TechNadu

Over 100 Organizations Affected in Oracle Hacking Campaign by CL0P Ransomware A Google report reveals a widespread hacking campaign by the CL0P group targeting Oracle's E-Business Suite, affecting over 100 organizations.

Details: www.technadu.com/over-100-org...

How should enterprises prepare for attacks that exploit zero-day flaws in core applications? Discuss below.
#Oracle #CL0P #CyberSecurity #Ransomware #EnterpriseSecurity #TechNadu #ZeroDay

Over 100 organizations affected in Oracle EBS hacking campaign by CL0P ransomware. Zero-day exploited, large-scale data theft, and extortion underway.

#Oracle #CL0P #Ransomware #CyberSecurity #DataBreach #TechNadu

🚨 Voting groups are fighting the Trump administration in court over the SAVE database overhaul - which they say illegally merges millions of Americans’ private records.
Critics call it a “voter surveillance tool,” not an anti-fraud system.
Do centralized voter databases strengthen democracy

⚠️ CISA releases 4 new ICS advisories - covering Hitachi Energy, Rockwell Automation, and Mitsubishi Electric.
Critical infrastructure teams should review mitigations immediately to prevent exploitation.

💬 What’s your biggest challenge in securing industrial networks today?

#CyberSecurity #CISA

Absolutely understandable - incidents like this highlight how much user trust and privacy depend on accountability from both corporations and regulators.

Data protection shouldn’t be a privilege; it’s a fundamental right that deserves stronger enforcement and transparency.

⚠️ Germany will block EU’s Chat Control plan - no mass scanning of encrypted messages.
Justice Minister Hubig: “Random chat monitoring must be taboo in a constitutional state.” Signal warns apps could exit the EU market if passed
💬 Privacy or oversight - where should the line be drawn?
#CyberSecurity