Weekly INK

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation Source: The Hacker News Security researchers observed real-world exploitation of the WSUS bug shortly after disclosure. The write-ups outline initial access and payload delivery patterns. Admins should review egress traffic, restrict WSUS exposure, and verify that emergency patches applied cleanly across all downstream servers. Link to article Massive China-Linked Smishing Campaign Leveraged 194,000 Do

Verizon: Mobile Blindspot Leads to Needless Data Breaches Source: Dark Reading Verizon’s Mobile Security Index says companies still treat phones as second-class citizens for security. Smishing is surging, BYOD policies are lax, and simple controls like MDM and zero trust would cut incidents dramatically. SMB takeaway: secure personal/work mobiles now—phishing isn’t just in email anymore. Link to article CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw Source:

Russia-linked hackers attack Texas electric cooperatives Source: CyberNews Qilin, the cybercriminal gang behind the alleged ransomware attacks, has listed two Texas electric distribution cooperatives as victims on its leak site on the dark web. One of the alleged victims is San Bernard Electric Cooperative, which has approximately 3,900 miles of electrical distribution lines serving approximately 28,000 households in eight Texas counties, including Austin, Colorado, Fayette,

Oracle patches EBS zero-day exploited in Clop data-theft attacks Source: BleepingComputer Oracle fixed a critical E-Business Suite flaw (CVE-2025-61882) that Clop abused to steal data. The bug allows unauthenticated remote code execution, making it urgent for any company running Oracle EBS to patch now and hunt for compromise indicators. SMBs using Oracle partners should ask vendors to confirm patching. Link to article Medusa ransomware actors exploit Fortra GoAnywhere flaw S

Maximum severity GoAnywhere MFT flaw exploited as zero day Source: BleepingComputer Attackers are actively exploiting a newly disclosed...

Npm Package Hides Malware in Steganographic QR Codes Source: Dark Reading A malicious npm package used QR-code images to conceal malware,...

689,000 Affected by Insider Breach at FinWise Bank Source: SecurityWeek A former FinWise Bank employee accessed sensitive data linked to...

Hackers left empty‑handed after massive NPM supply‑chain attack Source: BleepingComputer An attack on the JavaScript ecosystem saw a...

Bridgestone Americas investigates limited cyberattack affecting manufacturing Source: BleepingComputer Bridgestone Americas says a...