Google

Google Says Hackers Are Sending Extortion Emails To Executives (reuters.com) 2

An anonymous reader shares a report: Google said hackers are sending extortion emails to an unspecified number of executives, claiming to have stolen sensitive data from their Oracle business applications. In a statement, Google said a group claiming affiliation with the ransomware gang cl0p was sending emails to "executives at numerous organizations claiming to have stolen sensitive data from their Oracle E-Business Suite." Google cautioned that it "does not currently have sufficient evidence to definitively assess the veracity of these claims."
Security

Red Hat Investigating Breach Impacting as Many as 28,000 Customers, Including the Navy and Congress (404media.co) 9

A hacking group claims to have pulled data from a GitLab instance connected to Red Hat's consulting business, scooping up 570 GB of compressed data from 28,000 customers. From a report: The hack was first reported by BleepingComputer and has been confirmed by Red Hat itself. "Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps," Stephanie Wonderlick, Red Hat's VP of communications told 404 Media.

A file released by the hackers and viewed by 404 Media suggested that the hacking group may have acquired some data related to about 800 clients, including Vodafone, T-Mobile, the US Navy's Naval Surface Warfare Center, the Federal Aviation Administration, Bank of America, AT&T, the U.S. House of Representatives, and Walmart.

Security

Intel and AMD Trusted Enclaves, a Foundation For Network Security, Fall To Physical Attacks (arstechnica.com) 57

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

Encryption

UK Once Again Demands Backdoor To Apple's Encrypted Cloud Storage (arstechnica.com) 67

The UK government has issued a new order to Apple to create a backdoor into its cloud storage service, this time targeting only British users' data, despite US claims that Britain had abandoned all attempts to break the tech giant's encryption. Financial Times: The UK Home Office demanded in early September that Apple create a means to allow officials access to encrypted cloud backups, but stipulated that the order applied only to British citizens' data, according to people briefed on the matter.

A previous technical capability notice (TCN) issued in January sought global access to encrypted user data. That move sparked a diplomatic clash between the UK and US governments and threatened to derail the two nations' efforts to secure a trade agreement.

In February, Apple withdrew its most secure cloud storage service, iCloud Advanced Data Protection, from the UK. "Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users," Apple said on Wednesday. "We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy." It added: "As we have said many times before, we have never built a back door or master key to any of our products or services and we never will."

It's funny.  Laugh.

Indian Court Tells Doctors To Fix Their Handwriting (bbc.com) 16

A high court in India has ruled that legible medical prescriptions are a fundamental right after a judge found a government doctor's report completely incomprehensible. Justice Jasgurpreet Singh Puri of the Punjab and Haryana High Court issued the order while reviewing a bail petition in an unrelated criminal case. The medico-legal report examining an alleged assault victim was written in handwriting that the judge said left not even a single word or letter legible.

The court directed India's government to add handwriting instruction to medical school curriculum and mandated a two-year timeline for rolling out digital prescriptions nationwide. Until electronic systems are implemented, all doctors must write prescriptions in capital letters. The Indian Medical Association, representing over 330,000 physicians, told BBC it would help address the issue. Association president Dr Dilip Bhanushali said doctors in Indian cities have largely adopted digital prescriptions but practitioners in rural areas and small towns continue using handwritten notes.
Microsoft

Nadella Appoints New CEO To Run Microsoft's Biggest Businesses (theverge.com) 11

Microsoft is promoting Judson Althoff, currently executive vice president and chief commercial officer at Microsoft, to a new role as CEO of its commercial business. From a report: It's the latest shakeup inside the company, as Microsoft navigates what CEO Satya Nadella calls a "tectonic AI platform shift." It's also a move that will allow Nadella to focus on more technical work at Microsoft, while still remaining overall CEO.

In an internal memo to employees today, Nadella announced Althoff's promotion and said it's linked with the need for Microsoft to reinvent itself in the AI era and "bring together sales, marketing, operations, and engineering to drive growth and strengthen our position as the partner of choice for AI transformation." Althoff has led Microsoft's global sales organization for the past nine years, helping the company build out its Microsoft Customer and Partner Solutions (MCAPS) division. He will now also be responsible for the operations and marketing teams that help sell Microsoft's software and services to businesses, but not the engineering teams that help build them.

Windows

Windows 11's 2025 Update Arrives (bleepingcomputer.com) 96

Microsoft began rolling out Windows 11 version 25H2 today, delivering the annual update as a compact enablement package to users who enable the "get the latest updates as soon as they're available" toggle in Windows Update. The company tested the release in its Windows Insider Release Preview ring during the previous month before the broader rollout. Version 25H2 shares its code base and servicing branch with the existing 24H2 release. Both versions will receive identical monthly feature updates going forward.

The update removes PowerShell 2.0 and the Windows Management Instrumentation command-line tool to reduce the operating system's footprint. John Cable, vice president of program management for Windows servicing and delivery, said the release includes advancements in build and runtime vulnerability detection paired with AI-assisted secure coding. Microsoft designed the version to address security threats under its security development lifecycle policy requirements. The company plans to expand availability over the coming months and will document known compatibility issues on its Windows release health hub. Devices with detected application or driver incompatibilities will receive safeguard holds that delay the update until resolution.
China

China Hackers Breached Foreign Ministers' Emails, Palo Alto Says (insurancejournal.com) 10

Chinese hackers breached email servers of foreign ministers as part of a years-long effort targeting the communications of diplomats around the world, according to researchers at the cybersecurity firm Palo Alto Networks. From a report: Attackers accessed Microsoft Exchange email servers, gaining the ability to search for information at some foreign ministries, said the team at Unit 42, the threat intelligence division of Palo Alto Networks, which has been tracking the group for nearly three years.

Hackers specifically searched in the email servers for key terms related to a China-Arab summit in Riyadh, Saudi Arabia, in 2022, said Lior Rochberger, senior researcher at the company. They also searched for names including Chinese President Xi Jinping and his wife, Peng Liyuan, in the context of that summit, the researchers said. The researchers declined to specifically identify which countries had their systems breached in the hacking campaign, but wrote in the report that the group's targeting patterns "align consistently with the People's Republic of China (PRC) economic and geopolitical interests."

Books

Kindle Scribe Redesign Adds Color Model and AI-powered Notebook Features (aboutamazon.com) 12

Amazon today announced three new Kindle Scribe models, its E Ink-featuring tablets designed for note-taking and reading. The lineup includes the standard Kindle Scribe and a version without a front light alongside the Kindle Scribe Colorsoft. The new devices feature an 11-inch glare-free E Ink screen compared to the 10.2-inch display on previous models.

Amazon has reduced the weight to 400 grams from 433 grams and made the devices 5.4mm thin. The company added a quad-core processor and additional memory to deliver writing and page turns that are 40% faster than earlier versions. The Colorsoft model uses custom-built display technology to offer 10 pen colors and five highlighter colors. Amazon redesigned the software to include AI-powered notebook search and summaries. The devices will support Google Drive and Microsoft OneDrive for document access and allow users to export notes as editable text to OneNote. The standard Kindle Scribe will start at $499.99 and the Colorsoft at $629.99 when they become available later this year. The version without a front light will cost $429.99 and arrive early next year.
AI

Walmart CEO Issues Wake-Up Call: 'AI Is Going to Change Literally Every Job' (msn.com) 106

It's the world's largest company by revenue. But Walmart's executives have a blunt message, reports the Wall Street Journal: "Artificial intelligence will wipe out jobs and reshape its workforce." "It's very clear that AI is going to change literally every job," Chief Executive Doug McMillon said this week in one of the most pointed assessments to date from a big-company CEO on AI's likely impact on employment... "Maybe there's a job in the world that AI won't change, but I haven't thought of it."

Inside Walmart, top executives have started to examine AI's implications for its workforce in nearly every high-level planning meeting. Company leaders say they are tracking which job types decrease, increase and stay steady to gauge where additional training and preparation can help workers. "Our goal is to create the opportunity for everybody to make it to the other side," McMillon said. For now, Walmart executives say the transformation means the size of its global workforce will stay roughly flat even as its revenue climbs. It plans to maintain its head count of around 2.1 million global workers over the next three years, but the mix of those jobs will change significantly, said Donna Morris, Walmart's chief people officer. What the composition will look like remains murky... Already Walmart has built chat bots, which it calls "agents," for customers, suppliers and workers. It is also tracking an expanding share of its supply chain and product trends with AI...

Some changes are already rippling across the workforce. In recent years Walmart has automated many of its warehouses with the help of AI-related technology, triggering some job cuts, executives said. Walmart is also looking to automate some back-of-store tasks. New roles have been established, too. Walmart, for example, created an "agent builder" position last month — an employee who builds AI tools to help merchants. It expects to add people in areas like home delivery or in high-touch customer positions, such as its bakeries. The company has also added more in-store maintenance technicians and truck drivers in recent years.

The article also cites a comment made by Ford Motor Chief Executive Jim Farley earlier this summer. "Artificial intelligence is going to replace literally half of all white-collar workers in the U.S."
Security

Escalation in Akira Campaign Targeting SonicWall VPNs, Deploying Ransomware, With Malicious Logins (arcticwolf.com) 6

Friday the security researchers at Arctic Wolf Labs wrote: In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity. Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. Victims spanned across multiple sectors and organization sizes, suggesting opportunistic mass exploitation.

This campaign has recently escalated, with new infrastructure linked to it observed as late as September 20, 2025.

More from Cybersecurity News: SonicWall has linked these malicious logins to CVE-2024-40766, an improper access control vulnerability disclosed in 2024. The working theory is that threat actors harvested credentials from devices that were previously vulnerable and are now using them in this campaign, even if the devices have since been patched. This explains why fully patched devices have been compromised, a fact that initially led to speculation about a potential zero-day exploit.

Once inside a network, the attackers operate with remarkable speed. The time from initial access to ransomware deployment, known as "dwell time," is often measured in hours, with some intrusions taking as little as 55 minutes, Arctic Wolf said. This extremely short window for response makes early detection critical.

"Threat actors in the present campaign successfully authenticated against accounts with the one-time password (OTP) MFA feature enabled..." notes Arctic Wolf Labs: The threats described in this campaign demand early detection and a rapid response to avoid catastrophic impact to organizations. To facilitate this process, we recommend monitoring for VPN logins originating from untrusted hosting infrastructure. Equally important is ensuring visibility into internal networks, since lateral movement and ransomware encryption can occur within hours or even minutes of initial access. Monitoring for anomalous SMB activity indicative of Impacket use provides an additional early detection opportunity.

When firewalls are confirmed to be running firmware versions vulnerable to credential access or full configuration export, patching alone is not enough. In such situations, credentials must be reset wherever possible, including MFA-related secrets that might otherwise be thought of as secure, and Active Directory credentials with VPN access. These considerations are best practices that apply regardless of which firewall products are in use.

Thanks to Slashdot reader Mirnotoriety for suggesting this story.
China

Chinese Hackers Breach US Software and Law Firms Amid Trade Fight (cnn.com) 3

An anonymous reader quotes a report from CNN: A team of suspected Chinese hackers has infiltrated US software developers and law firms in a sophisticated campaign to collect intelligence that could help Beijing in its ongoing trade fight with Washington, cybersecurity firm Mandiant said Wednesday. The hackers have been rampant in recent weeks, hitting the cloud-computing firms that numerous American companies rely on to store key data, Mandiant, which is owned by Google, said. In a sign of how important China's hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms' proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant.

[...] In some cases, the hackers have lurked undetected in the US corporate networks for over a year, quietly collecting intelligence, Mandiant said. The disclosure comes after the Trump administration escalated America's trade war with China this spring by slapping unprecedented tariffs on Chinese exports to the United States. The tit-for-tat tariffs set off a scramble in both governments to understand each other's positions. Mandiant analysts said the fallout from the breaches -- the task of kicking out the hackers and assessing the damage -- could last many months. They described it as a milestone hack, comparable in severity and sophistication to Russia's use of SolarWinds software to infiltrate US government agencies in 2020.

IT

Raspberry Pi's Upgraded Keyboard Computer Gets RGB Lighting, Mechanical Switches and SSD Storage (theverge.com) 70

Raspberry Pi has launched the Raspberry Pi 500 Plus for $200, more than doubling the $90 price of the standard model. The keyboard computer now includes an M.2 2280 SSD socket alongside the SD card slot, 256GB of storage and 16GB of LPDDR4x-4267 RAM instead of 8GB. The company added Gateron KS-33 Blue mechanical switches, replaceable low-profile keycaps finished to allow RGB lighting to shine through and an RP2040 microcontroller running QMK firmware.

The 500 Plus retains Wi-Fi 5, Bluetooth, gigabit Ethernet, two micro HDMI ports, three USB-A ports, and USB-C power from the base model. A $220 Desktop Kit bundles necessary cables, power supply, and mouse.
Security

Shoplifters Could Soon Be Chased Down By Drones (technologyreview.com) 143

An anonymous reader quotes a report from MIT Technology Review: Flock Safety, whose drones were once reserved for police departments, is now offering them for private-sector security, the company announced today, with potential customers including businesses intent on curbing shoplifting. Companies in the US can now place Flock's drone docking stations on their premises. If the company has a waiver from the Federal Aviation Administration to fly beyond visual line of sight (these are becoming easier to get), its security team can fly the drones within a certain radius, often a few miles.

"Instead of a 911 call [that triggers the drone], it's an alarm call," says Keith Kauffman, a former police chief who now directs Flock's drone program. "It's still the same type of response." Kauffman walked through how the drone program might work in the case of retail theft: If the security team at a store like Home Depot, for example, saw shoplifters leave the store, then the drone, equipped with cameras, could be activated from its docking station on the roof. "The drone follows the people. The people get in a car. You click a button," he says, "and you track the vehicle with the drone, and the drone just follows the car." The video feed of that drone might go to the company's security team, but it could also be automatically transmitted directly to police departments.

The company says it's in talks with large retailers but doesn't yet have any signed contracts. The only private-sector company Kauffman named as a customer is Morning Star, a California tomato processor that uses drones to secure its distribution facilities. Flock will also pitch the drones to hospital campuses, warehouse sites, and oil and gas facilities. It's worth noting that the FAA is currently drafting new rules for how it grants approval to pilots flying drones out of sight, and it's not clear if Flock's use case would be allowed under the currently proposed guidance.

Music

Spotify Announces New AI Safeguards, Says It's Removed 75 Million 'Spammy' Tracks 18

Spotify says it has removed over 75 million fraudulent tracks in the past year as it works to combat "AI slop," deepfake impersonations, and spam uploads. Variety reports: Its new protections include a policy to police unauthorized vocal impersonation ("deepfakes") and fraudulent music uploaded to artists' official profiles; an enhanced spam filter to prevent mass uploads, duplicates, SEO hacks, artificially short tracks designed to fraudulently boost streaming numbers and payments. The company also says it's collaborating with industry partners to devise an industry standard in a song's credits to "clearly indicate where and how AI played a role in the creation of a track."

"The pace of recent advances in generative AI technology has felt quick and at times unsettling, especially for creatives," the company writes in a just-published post on its official blog. "At its best, AI is unlocking incredible new ways for artists to create music and for listeners to discover it. At its worst, AI can be used by bad actors and content farms to confuse or deceive listeners, push 'slop' into the ecosystem, and interfere with authentic artists working to build their careers. The future of the music industry is being written, and we believe that aggressively protecting against the worst parts of Gen AI is essential to enabling its potential for artists and producers."

In a press briefing on Wednesday, Spotify VP and Global Head of Music Product Charlie Hellman said, "I want to be clear about one thing: We're not here to punish artists for using AI authentically and responsibly. We hope that they will enable them to be more creative than ever. But we are here to stop the bad actors who are gaming the system. And we can only benefit from all that good side if we aggressively protect against the bad side."
