{"id":7609,"date":"2025-10-12T17:17:41","date_gmt":"2025-10-12T17:17:41","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=7609"},"modified":"2025-10-12T17:17:41","modified_gmt":"2025-10-12T17:17:41","slug":"in-different-information-gladinet-flaw-exploitation-assaults-on-ics-honeypot-clayrat-spy-ware","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=7609","title":{"rendered":"In Different Information: Gladinet Flaw Exploitation, Assaults on ICS Honeypot, ClayRat Spy ware"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><strong>SecurityWeek\u2019s cybersecurity information roundup supplies a concise compilation of noteworthy tales that may have slipped underneath the radar.<\/strong><\/p>\n<p>We offer a useful abstract of tales that will not warrant a whole article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.<\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/topics\/in-other-news\/\">Every week<\/a>, we curate and current a set of noteworthy developments, starting from the newest vulnerability discoveries and rising assault strategies to vital coverage modifications and trade stories.\u00a0<\/p>\n<p><strong>Listed below are this week\u2019s tales:<\/strong><\/p>\n<p><strong>Gladinet vulnerability exploited within the wild<\/strong><\/p>\n<p>A vulnerability affecting Gladinet\u2019s CentreStack and Triofox merchandise has been <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.huntress.com\/blog\/gladinet-centrestack-triofox-local-file-inclusion-flaw\">exploited within the wild<\/a>, Huntress warns. CentreStack is a cellular entry and safe sharing answer whereas Triofox is a safe file entry answer. Huntress earlier this 12 months found exploitation of CVE-2025-30406, a hardcoded machine key situation affecting the merchandise, and it has now detected exploitation of a brand new vulnerability, CVE-2025-11371, which permits unauthenticated native file inclusion. Gladinet is conscious of the problem and is within the technique of offering a workaround to prospects till a patch is developed.\u00a0<\/p>\n<p><strong>US universities focused by payroll pirates<\/strong><\/p>\n<p>Microsoft has warned {that a} cybercrime group it tracks as <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/10\/09\/investigating-targeted-payroll-pirate-attacks-affecting-us-universities\/\">Storm-2657<\/a> has been concentrating on US universities in an effort to hack worker accounts on HR platforms corresponding to Workday. The purpose is to divert wage funds to accounts managed by the attackers. Some of these menace actors are often known as \u201cpayroll pirates\u201d. The assaults seen by Microsoft don&#8217;t contain exploitation of Workday vulnerabilities. As an alternative the hackers are leveraging social engineering ways and the shortage of MFA to compromise accounts.\u00a0<\/p>\n<div class=\"zox-post-ad-wrap\"><span class=\"zox-ad-label\">Commercial. Scroll to proceed studying.<\/span><\/div>\n<p><strong>Zimbra vulnerability exploited in assault on Brazilian navy<\/strong><\/p>\n<p>StrikeReady warned {that a} <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/strikeready.com\/blog\/0day-ics-attack-in-the-wild\/\">Zimbra vulnerability<\/a> tracked as CVE-2025-27915 was exploited earlier this 12 months to focus on Brazil\u2019s navy. The assault concerned a malicious ICS calendar file. There don&#8217;t look like different public stories describing exploitation of CVE-2025-27915, which has been described as an XSS flaw permitting an attacker to execute arbitrary JavaScript and carry out unauthorized actions on the sufferer\u2019s Zimbra account, together with e mail redirection and information exfiltration.<\/p>\n<p><strong>Mic-E-Mouse assault<\/strong><\/p>\n<p>A group of researchers from the College of California have disclosed the small print of an assault technique they&#8217;ve named <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/sites.google.com\/view\/mic-e-mouse\/home?authuser=0\">Mic-E-Mouse<\/a>, which leverages the high-performance optical sensors on a mouse to listen in on customers. The researchers confirmed that speech induces delicate floor vibrations that the mouse\u2019s sensor can detect. The audio high quality is initially poor, however the researchers confirmed how it may be processed to enhance its high quality. However, accuracy continues to be low in actual world atmosphere exams.\u00a0<\/p>\n<p><strong>Two arrested in UK over nursery chain hack<\/strong><\/p>\n<p>Two unnamed people, reportedly aged 17 and 22, have been <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bbc.com\/news\/articles\/cpvlgzk0xvpo\">arrested<\/a> within the UK over a cyberattack that focused the nursery chain Kido. Hackers stole the names, addresses, and pictures of 8,000 kids and began leaking them with the intention to persuade Kido to pay a ransom. The hackers additionally referred to as impacted mother and father to extend the stress on the nursery chain. In response to pushback from different hackers, the youngsters\u2019s photos have been blurred, and later all the information was taken offline.\u00a0<\/p>\n<p><strong>Brightstar and Decisely information breaches influence over 100,000\u00a0<\/strong><\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.maine.gov\/agviewer\/content\/ag\/985235c7-cb95-4be2-8792-a1252b4f8318\/551c73d5-f1f0-4328-ba76-5afd6345fa1a.html\">Brightstar<\/a> and <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.maine.gov\/agviewer\/content\/ag\/985235c7-cb95-4be2-8792-a1252b4f8318\/0caf10ec-3360-43be-8c57-6d49b030c606.html\">Decisely Insurance coverage Companies<\/a> have every disclosed information breaches impacting greater than 100,000 folks. IGT and its lottery enterprise Brightstar stated unauthorized entry was found practically one 12 months in the past, however it took till not too long ago to find out what sort of knowledge was compromised and who was impacted. Decisely found unauthorized entry in December 2024 and began notifying affected people in June 2025. The info breach at Decisely impacted private data associated to its companion MetLife.\u00a0<\/p>\n<p><strong>WordPress plugin vulnerability exploited<\/strong><\/p>\n<p>Hackers have been trying to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.wordfence.com\/blog\/2025\/10\/attackers-actively-exploiting-critical-vulnerability-in-service-finder-bookings-plugin\/\">exploit CVE-2025-5947<\/a>, a crucial vulnerability within the Service Finder Bookings plugin, to hack WordPress web sites. The plugin is a part of the premium Service Finder theme, which has been acquired by roughly 6,000 web sites. The vulnerability was patched on July 17 and disclosed by Defiant on July 31. Exploitation began on August 1 and Defiant\u2019s Wordfence firewall has already blocked practically 14,000 assaults.\u00a0<\/p>\n<p><strong>Honeypot information reveals ICS\/OT assaults from Russia and Iran<\/strong><\/p>\n<p>An ICS\/OT <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.forescout.com\/blog\/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics\/\">honeypot<\/a> run by Forescout, designed to imitate a water remedy plan, has been focused by a Russia-linked group named TwoNet, which tried to deface the related HMI, disrupt processes, and manipulate different ICS. TwoNet has been concerned in hacktivist assaults, however a lot of its actions appear pushed by revenue. Forescout\u2019s honeypots additionally noticed assault makes an attempt which have been linked to Russia and Iran.\u00a0<\/p>\n<p><strong>OpenAI disrupts ChatGPT abuse<\/strong><\/p>\n<p>OpenAI has revealed one other <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/cdn.openai.com\/threat-intelligence-reports\/7d662b68-952f-4dfd-a2f2-fe55b041cc4a\/disrupting-malicious-uses-of-ai-october-2025.pdf\">report<\/a> describing the actions it has taken in opposition to the malicious use of ChatGPT. The corporate has seen Russian, Chinese language and (North) Korean menace actors abusing its AI assistant for malware improvement, phishing, scams, and affect operations.\u00a0<\/p>\n<p><strong>ClayRat Android spyware and adware targets Russia<\/strong><\/p>\n<p>Zimperium has detailed <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/zimperium.com\/blog\/clayrat-a-new-android-spyware-targeting-russia\">ClayRat<\/a>, an Android spyware and adware primarily concentrating on Russian customers. The malware has been distributed by way of Telegram channels and phishing websites, disguised as common apps corresponding to WhatsApp, TikTok, and YouTube. As soon as it has been put in on a tool, ClayRat can steal SMS messages, notifications, and name logs, take photographs with the contaminated system\u2019s entrance digital camera, and ship messages or make calls from the sufferer\u2019s cellphone.<\/p>\n<p><strong>Associated<\/strong>: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/in-other-news-pqc-adoption-new-android-spyware-fema-data-breach\/\">In Different Information: PQC Adoption, New Android Spy ware, FEMA Knowledge Breach<\/a><\/p>\n<p><strong>Associated<\/strong>: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/in-other-news-lockbit-5-0-department-of-war-cybersecurity-framework-oneplus-vulnerability\/\">In Different Information: LockBit 5.0, Division of Struggle Cybersecurity Framework, OnePlus Vulnerability<\/a>\n\t\t\t<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>SecurityWeek\u2019s cybersecurity information roundup supplies a concise compilation of noteworthy tales that may have slipped underneath the radar. We offer a useful abstract of tales that will not warrant a whole article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama. Every week, we curate and current a set of noteworthy developments, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7611,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[145,5852,2036,2705,5849,5851,5850,121,1724],"class_list":["post-7609","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-attacks","tag-clayrat","tag-exploitation","tag-flaw","tag-gladinet","tag-honeypot","tag-ics","tag-news","tag-spyware"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/7609","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7609"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/7609\/revisions"}],"predecessor-version":[{"id":7610,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/7609\/revisions\/7610"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/7611"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-04-13 10:41:04 UTC -->