BMC Daily Cyber News

This week’s wrap cuts through the noise. We break down North Korea’s multi-billion-dollar crypto theft problem, the Salesforce-adjacent extortion wave targeting customer exports, and active exploitation against Oracle E-Business Suite. We also cover a critical Redis flaw with app-wide blast radius, Cisco edge firewall abuse with public exploit code, Zimbra’s KEV-listed email bug, GoAnywhere MFT ransomware activity, mass sc...

This is today’s cyber news for October 9th, 2025. A new cloud-focused extortion crew targets AWS, a three-way ransomware alliance promises faster, louder campaigns, and Qilin pressures Asahi with leaked data. We cover a coordinated push against Salesforce tenants by a “Scattered Lapsus$ Hunters” collective and a Microsoft 365 outage that rippled through Teams and Exchange. Rounding out the brief: urgent fixes for a Redis L...

This is today’s cyber news for October 8th, 2025. A Fortune-scale standoff leads the brief as Salesforce refuses to pay after a mass data-theft extortion attempt. We also cover ShinyHunters’ new leak portal, active exploitation against Oracle E-Business Suite, Medusa’s push through GoAnywhere MFT, and a critical Redis flaw dubbed “RediShell.” Rounding out the lineup: CISA’s KEV addition for Zimbra, DraftKings credential-st...

 This is today’s cyber news for October 7th, 2025. We cover active exploitation and high-impact enterprise risks: an Oracle E-Business Suite zero-day, Red Hat’s data-theft/extortion saga, ransomware crews abusing a GoAnywhere MFT flaw, a critical Redis issue enabling code execution, and a Zimbra zero-day via booby-trapped calendar invites. We then shift to platform and infrastructure risks—from LinkedIn’s fight against lar...

This is today’s cyber news for October 6th, 2025. We open with a Zimbra zero-day delivered through malicious calendar files and why auto-parsing turns invites into compromise. Then we look at researchers repurposing Amazon’s X-Ray tracing for command-and-control, a fivefold surge of scans on Palo Alto portals, and fresh additions to CISA’s Known Exploited Vulnerabilities list. Rounding out the top set, Discord disclosed a ...

This is today’s cyber news for October 3rd, 2025. We cover Red Hat’s internal GitLab breach and what “customer engagement records” could expose, Microsoft’s move to block inline SVG in Outlook, and a critical remote-code-execution flaw in DrayTek Vigor routers. We also break down Android spyware impersonating Signal and ToTok, and the “Gemini Trifecta” weaknesses that show how AI assistants can inherit risky permissions fr...

This is today’s cyber news for October 2nd, 2025. Federal shutdowns are disrupting cyber intelligence sharing at CISA, a critical flaw in Red Hat’s OpenShift AI platform threatens hybrid environments, and OpenSSL has released urgent patches. We also cover identity issues at OneLogin, a widening WestJet breach that exposed passports and IDs, and a major Allianz Life data breach with Social Security numbers at risk. From Goo...

This is today’s cyber news for October 1st, 2025. Imgur’s sudden U.K. shutdown after a looming privacy fine leads the brief with a real-world reminder that regulatory pressure can break your workflows overnight. We cover Unit 42’s “Phantom Taurus” living filelessly inside Microsoft Exchange, fresh Android banking campaigns draining accounts in Italy and Spain, the FTC’s suit against the youth app Sendit, and PDF-based phis...

This is today’s cyber news for 2025-09-29. A busy slate led by Asahi’s nationwide logistics pause after a cyberattack, a Harrods third-party breach affecting hundreds of thousands of shoppers, and the UK’s rare £1.5B loan guarantee to steady Jaguar Land Rover after a crippling incident. We cover edge-device pressure with Akira ransomware exploiting a SonicWall flaw, plus a rogue npm package (“postmark-mcp”) that abused Mod...

This is today’s cyber news for 2025-09-29. Ransomware, zero-days, and persistent backdoors dominated the headlines, showing just how wide the attack surface has become. Medusa claims to have stolen more than 800 gigabytes of Comcast data and is demanding $1.2 million in extortion. Akira continues to find ways around SonicWall VPN multi-factor authentication, raising fresh concerns about identity controls. The UK’s Co-op ha...

This is today’s cyber news for September 25, 2025. In this edition we cover major developments that matter to defenders, leaders, and builders. From new malware variants slipping into developer tools, to phishing training that fails in practice, to dangerous flaws in Cisco firewalls already under attack—today’s feed is packed with lessons that directly affect how organizations secure their people and systems. We also exami...

Daily Cyber News for September 25th, 2025. Today’s episode tracks a rapid-fire landscape where exploits move at disclosure speed and persistence hides below the operating system. We open with a GeoServer flaw weaponized within days against a U.S. federal agency, then shift to new Supermicro BMC issues that enable backdoors that survive wipe-and-rebuild. We cover election-season influence ops aimed at Moldova, a convincing ...

Today’s briefing brings together the most urgent developments across the cyber landscape. We begin with Boyd Gaming confirming a data breach affecting employees, then turn to Microsoft’s patch of a dangerous Entra ID flaw that could allow Global Admin impersonation. GitHub’s changes to npm authentication highlight how supply-chain security is shifting, while Cloudflare reports blocking the largest denial-of-service attack ...

Europe’s aviation sector reeled this weekend as a ransomware attack on Collins Aerospace disrupted check-in systems at major airports, from Heathrow to Brussels to Berlin. At the same time, automaker Stellantis confirmed a customer data breach tied to a third-party platform, raising alarms across the supply chain. Microsoft also disclosed a critical flaw in Entra ID that could have let attackers impersonate Global Administ...

The BCM Daily Cyber News is a short daily podcast that keeps you current on the most important developments in cybersecurity. Every weekday, we bring you clear updates on threats, breaches, vulnerabilities, and cyber trends — all in under 15 minutes.

Whether you work in security, manage technology, study the field, or simply want to understand how cyber events affect your world, this briefing is designed for you. Subscr...