Security Highlights Of The Day [07/11/25]

ClickFix Malware Attacks Evolve With Multi-OS Support, Video Tutorials
The ClickFix malware campaign has advanced with new features including multi-OS support, embedded video tutorials guiding victims through infection, and system auto-detection for tailored payload execution. Previously, attackers relied on written instructions to trick users into executing malicious code, but now they use convincing videos to enhance credibility. The goal remains to deploy information stealers and other malware through deceptive social-engineering tactics.
Source: BleepingComputer

Critical Cisco UCCX Flaw Lets Attackers Run Commands as Root
Cisco patched a critical flaw (CVE-2025-20354) in its Unified Contact Center Express (UCCX) platform that could allow unauthenticated attackers to execute commands with root privileges. The vulnerability, located in the Java RMI process, was reported by security researcher Jahmel Harris. Cisco also addressed a separate flaw in its CCX Editor application that could allow attackers to bypass authentication and execute arbitrary scripts remotely with administrative rights.
Source: BleepingComputer

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
SonicWall confirmed that state-sponsored actors were responsible for the September breach that exposed firewall configuration backup files. The attackers accessed the backups via an API call from a specific cloud environment. While the company emphasized that the incident was unrelated to Akira ransomware attacks, it did not name the nation behind the activity. The breach affected fewer than 5% of SonicWall customers using the cloud backup service.
Source: TheHackerNews

From Tabletop to Turnkey: Building Cyber Resilience in Financial Services
The financial sector is now required to conduct cyber resilience exercises due to global regulatory mandates such as DORA in the EU and CPS230 in Australia. These tabletop exercises, once optional, have become an operational necessity. The complexity of compliance lies in cross-functional collaboration, combining technical and non-technical teams to meet resilience standards and strengthen organizational preparedness.
Source: TheHackerNews

Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report
An after-action report revealed that Nevada’s August ransomware attack began as early as May 2025, when a state employee unknowingly downloaded malicious software. The incident disrupted critical services including licensing, employment checks, and payroll operations. Recovery efforts cost the state at least $1.5 million, though officials confirmed no ransom was paid. The attack underscores the growing threat of ransomware to state-level infrastructure.
Source: SecurityWeek
