Category: Exploits

Among the numerous cyber threats that enterprises must contend with, domain-based attacks hold a prominent position. These are attacks that target or exploit domain names or DNS infrastructure. They’re hardly new, but the threat is growing and mutating rapidly. One study found that in 2024, one in every 174 DNS requests was malicious, compared with…

Read more →

Digital forensics is a critical function for any enterprise. After a cyberattack, forensic professionals investigate how the attacker gained access, what systems were affected, and what actions were taken. This work is both reflective and prescriptive: By uncovering the path of the breach, the ultimate goal is to prevent similar incidents in the future. Due…

Read more →

Vulnerable SonicWall firewalls that should have been patched a year ago for an access control vulnerability are being hacked by a ransomware gang, Australia’s cybersecurity authorities warned this week. The Australian Cyber Security Centre is seeing an increase in active exploitation in that country of a 2024 critical vulnerability in SonicWall firewalls with SSL VPN enabled. “We…

Read more →

A newly discovered strain of a cryptomining malware, first reported in June 2025, has evolved to target exposed Docker APIs instead of relying on Docker escape techniques as before. According to security researchers from Akamai’s Hunt Team, the new variant has also shifted focus towards setting up backdoors and persistence, along with efforts to block…

Read more →

Attackers are increasingly exploiting generative AI by embedding malicious prompts in macros and exposing hidden data through parsers. The switch in adversarial tactics — noted in a recent State of File Security study from OPSWAT — calls for enterprises to extend the same type of protection they already apply to software development pipelines into AI…

Read more →

Adobe issued an emergency patch for one of the most severe vulnerabilities ever discovered in the Magento Open Source ecommerce platform and Adobe Commerce, its enterprise counterpart. The flaw allows unauthenticated attackers to hijack user accounts and, in some cases, execute arbitrary code on servers. Tracked as CVE-2025-54236 and dubbed SessionReaper by the security community,…

Read more →

Oasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a disclosure shared with CSO ahead of its publication on Wednesday, the issue comes from how Cursor lets certain project settings trigger tasks to run automatically…

Read more →

The recent SalesLoft Drift breaches revealed an uncomfortable truth that keeps me up at night, and should keep every CISO awake, too. Organizations weren’t breached through their vendor. They weren’t even breached through their vendor’s vendor. It appears they were compromised through their vendor’s acquired company, referred to as a “fourth-party,” via legacy OAuth tokens…

Read more →

A massive supply chain attack compromised 18 highly popular npm packages, which collectively received two billion weekly downloads, deploying sophisticated browser-based malware designed to steal cryptocurrency and web3 transactions from unsuspecting developers and end-users, and silently redirecting funds to attacker-controlled accounts, according to security firm Aikido. The attack began on September 8, when Aikido’s threat…

Read more →

One July morning, a startup founder watched in horror as their production database vanished, nuked not by a hacker, but by a well-meaning AI coding assistant in Replit. A single AI-suggested command, executed without a second glance, wiped out live data in seconds. The mishap has become a cautionary tale about “vibe coding,” the growing…

Read more →

Many enterprises are at growing risk due to immature supply chain cybersecurity practices and outdated strategies. The majority (71%) of organizations experienced at least one material third-party cybersecurity incident in the past year, and 5% reported 10 or more such incidents, according to a recent survey of 546 IT directors and CISOs by cybersecurity ratings…

Read more →

Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild

Read more →

Exploitation of CVE-2025-42957 requires “minimal effort” and can result in a complete compromise of the SAP system and host OS, according to researchers.

Read more →

Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. “Sitecore…

Read more →

Ein Exploit für die Schwachstelle wurde bereits in freier Wildbahn beobachtet. Nitpicker / Shutterstock Vergangenen Monat hat SAP einen Patch für S/4HANA herausgebracht, der die gewaltige Schwachstelle CVE-2025-42957 mit einem CVSS-Score von 9,9 beheben soll. Der nun aufgetauchte Exploit ermöglicht es einem User mit geringen Berechtigungen, mittels Code-Injection in der SAP-Programmiersprache ABAP die vollständige Kontrolle…

Read more →

Instead of relying on advanced tools or complex scripts, experienced attackers penetrate systems and steal data using the most effective weapon of all: social engineering. Social engineering lies at the intersection of cybersecurity and psychology, exploiting human behavior to achieve malicious goals. From the legendary scams of Kevin Mitnick to today’s AI-driven threats, cybercriminals have…

Read more →

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. “SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability…

Read more →

SAP S/4HANA admins who haven’t already installed a critical August 11 patch could be in trouble: An exploit for the code injection vulnerability is already being exploited in the wild. The vulnerability, CVE-2025-42957 (with a CVSS score of 9.9) allows a low-privileged user to take complete control of an SAP system through code injection in SAP’s…

Read more →

A sample ASP.NET machine key in old deployment guides for Sitecore products is being exploited by attackers to launch ViewState code injection attacks that compromise servers. According to Google’s Mandiant Threat Defense team, after initial exploitation, the attackers deploy tools to escalate privileges, add new users (including admins), establish remote access tunnels, and dump credentials…

Read more →

North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities in question are listed below – CVE-2023-50224 (CVSS score: 6.5) – An authentication bypass by spoofing…

Read more →

Hackers are using legitimate red team tool Hexstrike-AI to simplify and speed up vulnerability exploitation

Read more →

A “sophisticated” attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.

Read more →

Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,

Read more →

Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks. The vulnerabilities are listed below – CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain

Read more →

A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft’s device code authentication flow.

Read more →

Cybersecurity is usually seen as a technical problem. There are security controls, detection logic, encryption, and other pretty technical concepts. However, at the core, it remains a human issue: users making quick decisions under pressure, analysts triaging endless alerts, and executives deciding on trade-offs. Most of the time when I hear security people discuss human…

Read more →

Enterprises will no doubt be using agentic AI for a growing number of workflows and processes, including software development, customer support automation, robotic process automation (RPA), and employee support. Among the key questions for CISOs and their staffs: What are the cybersecurity risks of agentic AI, and how much more work will it take for…

Read more →

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 5.4), relates to a case of insufficient authorization of linked device synchronization messages.…

Read more →

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.  The flaws, per watchTowr Labs, are listed below – CVE-2025-53693 – HTML cache poisoning through unsafe reflections CVE-2025-53691 – Remote code execution (RCE) through insecure deserialization CVE-2025-53694 –

Read more →

Generating exploits with AI and large language models shrinks the time to target software flaws, giving security teams scant time to patch. Can enterprises adapt?

Read more →