Weekly INK

CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks Source: Dark Reading US agencies say Chinese state actors are deploying the Brickstorm backdoor in VMware vSphere environments, enabling persistence, VM snapshot theft, and lateral movement. For SMBs supporting critical sectors: harden vSphere, restrict remote access, enforce MFA, and monitor for anomalous VM and DNS-over-HTTPS activity. Link to article Pharma firm Inotiv discloses data breach after ransomware attack Source:

Arizona AG Sues Temu Over “Stealing” User Data Source: Dark Reading Arizona’s attorney general sued Temu, alleging the shopping app secretly harvests sensitive device data and evades reviews. U.S. firms should expect renewed scrutiny of mobile SDKs, background data collection, and consent. Review privacy notices, telemetry settings, and third-party code used in consumer apps. Link to article Google fixes two Android zero-days exploited in attacks (107 flaws total) Source: Ble

Critical Fortinet FortiWeb WAF Bug Exploited in the Wild Source: Dark Reading A newly disclosed FortiWeb flaw lets attackers run admin-level commands on unpatched web application firewalls. For SMBs that rely on WAFs to protect websites and portals, this is a patch-now event: exposed devices can be taken over pre-login, leading to data theft, website defacement, or downtime. Link to article Kraken Uses Benchmarking to Enhance Ransomware Attacks Source: Infosecurity Magazine A

OWASP Highlights Supply Chain Risks in New Top 10 List Source: Dark Reading A major OWASP refresh spotlights software supply chain failures and misconfiguration as top risks. For SMBs, this means looking beyond code bugs to vendor components, CI/CD pipelines, and cloud settings. The takeaway: add supply-chain checks to patching, and tighten configuration governance to reduce real-world breach paths. Link to article Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI C

Multiple ChatGPT Security Bugs Allow Rampant Data Theft Source: Dark Reading Researchers found seven weaknesses that let attackers steal chat history and “memories,” bypass safety checks, and plant malicious instructions—no deep technical skill required. For SMBs exploring AI, this signals immediate risk: tighten browsing features, restrict plug-ins, and treat AI tools like any other internet-facing app. Link to article Microsoft: SesameOp malware abuses OpenAI Assistants API

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation Source: The Hacker News Security researchers observed real-world exploitation of the WSUS bug shortly after disclosure. The write-ups outline initial access and payload delivery patterns. Admins should review egress traffic, restrict WSUS exposure, and verify that emergency patches applied cleanly across all downstream servers. Link to article Massive China-Linked Smishing Campaign Leveraged 194,000 Do

Verizon: Mobile Blindspot Leads to Needless Data Breaches Source: Dark Reading Verizon’s Mobile Security Index says companies still treat phones as second-class citizens for security. Smishing is surging, BYOD policies are lax, and simple controls like MDM and zero trust would cut incidents dramatically. SMB takeaway: secure personal/work mobiles now—phishing isn’t just in email anymore. Link to article CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw Source:

Russia-linked hackers attack Texas electric cooperatives Source: CyberNews Qilin, the cybercriminal gang behind the alleged ransomware attacks, has listed two Texas electric distribution cooperatives as victims on its leak site on the dark web. One of the alleged victims is San Bernard Electric Cooperative, which has approximately 3,900 miles of electrical distribution lines serving approximately 28,000 households in eight Texas counties, including Austin, Colorado, Fayette,

Oracle patches EBS zero-day exploited in Clop data-theft attacks Source: BleepingComputer Oracle fixed a critical E-Business Suite flaw (CVE-2025-61882) that Clop abused to steal data. The bug allows unauthenticated remote code execution, making it urgent for any company running Oracle EBS to patch now and hunt for compromise indicators. SMBs using Oracle partners should ask vendors to confirm patching. Link to article Medusa ransomware actors exploit Fortra GoAnywhere flaw S