Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE).
Category: Security
Global Security News, Security
Salesloft: March GitHub repo breach led to Salesforce data theft attacks
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. […]
fraud, Global Security News, malware, Security
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity…
Global Security News, Security
Action1 vs. Microsoft WSUS: A Better Approach to Modern Patch Management
With WSUS deprecated, it’s time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now! […]
AI Cybersecurity, Artificial Intelligence (AI), Cisco Zero Trust, Global Security News, Security, Security for AI
Zero Trust in the Era of Agentic AI
AI agents use the same networking infrastructure as users and apps. So security solutions like zero trust should evolve to protect agentic AI communications.
AI Cybersecurity, Artificial Intelligence (AI), Cisco Zero Trust, Global Security News, Security, Security for AI
Zero Trust in the Era of Agentic AI
AI agents use the same networking infrastructure as users and apps. So security solutions like zero trust should evolve to protect agentic AI communications.
AI Cybersecurity, Artificial Intelligence (AI), Cisco Zero Trust, Global Security News, Security, Security for AI
Zero Trust in the Era of Agentic AI
AI agents use the same networking infrastructure as users and apps. So security solutions like zero trust should evolve to protect agentic AI communications.
ClickFix, cyber attack, Global Security News, malware, Scams and Fraud, Security
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…
Asia Pacific, Breaking News, china, Global Security News, hacking, intelligence, Security
Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies
Venezuela’s President Maduro shows Huawei Mate X6 gift from China’s President Xi Jinping, hailing it as “unhackable” by U.S. spies. Last week, Venezuelan President Nicolás Maduro showcased a Huawei Mate X6 smartphone, reportedly gifted by China’s President Xi Jinping, claiming that US cyber spies cannot hack it. Venezuelan President Maduro said that his device is…
Asia Pacific, Breaking News, Cyber warfare, Global Security News, intelligence, Security
Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure
Czech cybersecurity agency NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices. The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency warns of risks from Chinese-made devices (phones,…
cyber attack, cyber attacks, Cybersecurity, Global Security News, Google, Security
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens
Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted.
Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, Security
Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Qantas cuts executive bonuses by 15% after a July data breach MeetC2 – A serverless C2…
Global Security News, Security
iCloud Calendar abused to send phishing emails from Apple’s servers
iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. […]
Asia Pacific, Global Security News, Government, Security
Czech cyber agency warns against Chinese tech in critical infrastructure
The Czech Republic’s National Cyber and Information Security Agency (NUKIB) is instructing critical infrastructure organizations in the country to avoid using Chinese technology or transferring user data to servers located in China. […]
Global Security News, Security
VirusTotal finds hidden malware phishing campaign in SVG files
VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia’s judicial system that deliver malware. […]
Global Security News, Security
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
Investigations into the Nx “s1ngularity” NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. […]
cyber attack, Cybersecurity, Global Security News, Pathlock, S/4HANA, Security
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers
Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your…
cyber attack, Cybersecurity, Global Security News, Security
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.
Breaking News, Global Security News, hacking, information security news, IT Information Security, Security
MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel
MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams…
cyber attack, cyber attacks, Cybersecurity, Global Security News, Security
Bridgestone Confirms Cyberattack Disrupting North American Plants
Bridgestone confirms a cyberattack that disrupted manufacturing plants. This article details the impact on employees, expert analysis, and…
Breaking News, Exploits, Global Security News, hacking, hacking news, Security
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation
Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software. A critical command injection vulnerability, tracked as CVE-2025-42957 (CVSS score of 9.9), in SAP S/4HANA is under active exploitation. An attacker can exploit this flaw to fully compromise SAP systems, altering databases, creating superuser accounts, and stealing password hashes. “SAP…
Global Security News, Microsoft, Security
Microsoft now enforces MFA on Azure Portal sign-ins for all tenants
Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. […]
Global Security News, Security
Financial services firm Wealthsimple discloses data breach
Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. […]
Global Security News, Security
Max severity Argo CD API flaw leaks repository credentials
An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. […]
cyber attack, Cybersecurity, Global Security News, Security
Chess.com Hit by Limited Data Breach Linked to 3rd-Party File Transfer Tool
Chess.com confirms a limited data breach affecting 4,500 users after a third-party file transfer tool was compromised. No…
Global Security News, Security
Don’t let outdated IGA hold back your security, compliance, and growth
Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations, streamlined governance, and built-in compliance. […]
Global Security News, Security
Critical SAP S/4HANA vulnerability now exploited in attacks
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. […]
Artificial Intelligence, Cybersecurity, Elon Musk, Global Security News, malware, Security
Scammers Exploit Grok AI With Video Ad Scam to Push Malware on X
Researchers at Guardio Labs have uncovered a new “Grokking” scam where attackers trick Grok AI into spreading malicious…
Breaking News, Exploits, Global Security News, hacking, Security
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Sitecore, Android, and Linux to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-38352 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability CVE-2025-48543 Android Runtime…
Breaking News, cyber crime, Cybercrime, Global Security News, malware, Security
SVG files used in hidden malware campaign impersonating Colombian authorities
VirusTotal uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system. VirusTotal researchers uncovered a phishing campaign using SVG files with hidden JavaScript to deploy fake Fiscalía General de la Nación login pages in Colombia and spread malware. VirusTotal noticed that, despite being outdated, SWF files are still abused in attacks.…
APT28, backdoor, cyber attack, Global Security News, malware, Security
Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection.
Artificial Intelligence, Cybersecurity, Global Security News, Google, Microsoft, Security
Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms
A new security vulnerability called ‘Model Namespace Reuse’ allows attackers to hijack AI models on Google, Microsoft, and…
Exploits, Global Security News, Security
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. […]
education, Global Security News, Security
Texas sues PowerSchool over breach exposing 62M students, 880k Texans
Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. […]
Global Security News, Security
Chess.com discloses recent data breach via file transfer app
Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. […]
Exploits, Global Security News, Security
New TP-Link zero-day surfaces as CISA warns other flaws are exploited
TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. […]
Global IT News, Global Security News, Security
Barracuda Threat Analysis: Sophisticated Phishing on the Rise
Attackers using the Tycoon phishing-as-a-service kit have been discovered employing new techniques to hide malicious links in phishing emails, according to Barracuda’s latest 2025 Threat Spotlight. Hiding malicious links using obscure characters, invisible spaces Barracuda’s threat analysts have observed attackers using the Tycoon phishing kit with new URL-encoding tricks, such as inserting invisible spaces into…
Global Security News, Security
France slaps Google with €325M fine for violating cookie regulations
The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users’ emails without their consent. […]
Global Security News, Security
6 browser-based attacks all security teams should be ready for in 2025
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. […]
Global Security News, North America, Security
Tire giant Bridgestone confirms cyberattack impacts manufacturing
Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. […]
CryptoCurrency, Global Security News, malware, Security
New Malware Uses Windows Character Map for Cryptomining
Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software…
Exploits, Global Security News, Security
AI Agents Expose New Cybersecurity Risks, Radware Warns
Autonomous AI agents are beginning to operate across enterprise networks in ways that traditional security controls are not built to handle, according to new research from Radware’s threat intelligence team. The company’s report, The Internet of Agents: The Next Threat Surface, warns that agent ecosystems powered by large language models (LLMs) are already creating an…
Global Security News, Microsoft, Security
Microsoft says recent Windows updates cause app install issues
Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. […]
cyber attack, cyber crime, Global Security News, Security
Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak
Scattered Lapsus$ Hunters threaten Google, demanding that two security experts, Austin Larsen of Google’s Threat Intelligence Group and Charles Carmakal of Mandiant, be fired or they will leak alleged stolen Google data.
Breaking News, Exploits, Global Security News, hacking, hacking news, internet of things, Security
Severe Hikvision HikCentral product flaws: What You Need to Know
Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring. Security researchers warn of three vulnerabilities impacting Hikvision HikCentral, which is a centralized management software used across many industries for video surveillance, access control, and integrated security operations. The three vulnerabilities are: CVE-2025-39245 – Base score:…
0day, CISA, Cybersecurity, Global Security News, Security, Spyware
CISA Adds TP-Link Wi-Fi and WhatsApp Spyware Flaws to KEV List
CISA updates its KEV List with TP-Link Wi-Fi extender and WhatsApp spyware flaws, urging users and agencies to…
Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security
U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2023-50224 (CVSS score of 6.5) TP-Link TL-WR841N Authentication Bypass by…
Artificial Intelligence, Global Security News, Security
Threat actors abuse X’s Grok AI to spread malicious links
Threat actors are using Grok, X’s built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. […]
cyber attack, cyber attacks, Cybersecurity, Global Security News, Jaguar Land Rover, Security
Jaguar Land Rover Cyberattack Disrupts Production and Sales Operations
Jaguar Land Rover is restoring systems after a cyberattack disrupted production and sales, with a hacker group previously…
Global Security News, Security
US offers $10 million bounty for info on Russian FSB hackers
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. […]
Artificial Intelligence, Exploits, Global Security News, Security
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. […]
Global Security News, Security
US sues robot toy maker for exposing children’s data to Chinese devs
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children’s geolocation data without their knowledge and parental consent. […]
Android, Breaking News, Exploits, Global Security News, Google, hacking, Security
Google addressed two Android flaws actively exploited in targeted attacks
Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks. Google has released security updates to address 120 Android vulnerabilities as part of Android Security Bulletin – September 2025. Two of these vulnerabilities have been exploited in targeted attacks. “There are indications that the following may be under limited, targeted…
Global Security News, Security
Police disrupts Streameast, largest pirated sports streaming network
The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world’s largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. […]
Global Security News, Security
SaaS giant Workiva discloses data breach after Salesforce attack
Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. […]
CloudFlare, cyber attack, cyber attacks, Cybersecurity, Global Security News, Security
Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps
Cloudflare mitigated the largest DDoS attack ever recorded, an 11.5 Tbps flood that lasted 35 seconds without disrupting…
Global Security News, Security, Tools & Platforms
Westcon-Comstor Partners With 1Password to Close Access-Trust Gap
Westcon-Comstor, a global technology provider and IT distributor, has recently announced a distribution agreement with 1Password, the innovator behind Extended Access Management (XAM). The partnership aims to accelerate enterprise adoption of 1Password’s XAM technology and help organizations close the Access-Trust Gap posed by unmanaged devices. EMEA-wide agreement strengthens distributor’s identity security portfolio The collaboration will…
Exploits, Global Security News, Google, Mobile, Security
Google fixes actively exploited Android flaws in September update
Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws. […]
Global Security News, Security
Disney to pay $10M to settle claims it collected kids’ data on YouTube
Disney will pay $10 million to settle claims by the U.S. Federal Trade Commission that it mislabeled videos for children on YouTube, which allowed the collection of kids’ personal information without their consent or notification to their parents. […]
Global Security News, Security
They know where you are: Cybersecurity and the shadow world of geolocation
Geolocation is the invisible attack vector. From Stuxnet to today’s APTs, malware now lies dormant until it hits the right place—turning location data into a weapon. Acronis’ TRU explains why defenses must evolve beyond VPNs and perimeter controls. […]
Global IT News, Global Security News, Security, Tools & Platforms
Sophos Bundles Endpoint Protection Into Taegis MDR and XDR
Global security technology company Sophos has integrated its endpoint protection with all Taegis Managed Detection and Response (MDR) and Extended Detection and Response (XDR) subscriptions. The company stated that the inclusion comes at no additional charge and is available to both new and existing Taegis customers. The move arrives after Sophos completed its acquisition of…
Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security
U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2020-24363 TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability CVE-2025-55177 Meta Platforms WhatsApp…
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Conference Hopping: Training Attendee Scanning Def Con
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Driving Cisco XDR Integration With Third-Party Partners at Black Hat
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Cisco Secure Firewall: SnortML at Black Hat USA 2025
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Black Hat Investigation: Attempted Exploitation of Registration Server
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
The Value of PCAP in Firewall Investigations
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Black Hat USA 2025: 10 Years Protecting Black Hat
Cisco is a proud partner of the Black Hat NOC (Network Operations Center), as the Official Security Cloud Provider, celebrating our 10th year protecting Black Hat, the longest of any partner. We work with other official providers to bring the hardware, software and engineers to build and secure the Black Hat USA network: Arista, Corelight,…
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Black Hat Training Attendees Scan Aviation Organization
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Securing DNS With Umbrella at Black Hat
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
Black Hat, Cisco Secure Access, Cisco Security Cloud, Global Security News, Security
Refining SSO at Black Hat USA
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.
data breach, Global Security News, Jeremiah Fowler, leaks, Security
Misconfigured Server Leaks 378GB of Navy Federal Credit Union Files
Cybersecurity researcher Jeremiah Fowler discovered an unsecured and misconfigured server exposing 378 GB of internal Navy Federal Credit…
ClickFix, Global Security News, malware, Scams and Fraud, Security
Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam
A new and clever ClickFix scam is using a fake AnyDesk installer and Windows search to bypass security,…
Breaking News, cyber crime, Exploits, Global Security News, malware, Security
Android droppers evolved into versatile tools to spread malware
Android droppers now spread banking trojans, SMS stealers, and spyware, disguised as government or banking apps in India and Asia. ThreatFabric researchers warn of a shift in Android malware: dropper apps now deliver not just banking trojans, but also SMS stealers and spyware, mainly in Asia. Google’s Pilot Program enhances Play Protect by scanning Android…
Breaking News, Cybercrime, Global Security News, hacking, hacking news, Security
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over the weekend, and it also impacted systems at the Solihull production plant. UK dealers reported…
Global Security News, Security
Hackers breach fintech firm in attempted $130M bank heist
Hackers tried to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank’s real-time payment system (Pix). […]
CloudFlare, cyber attacks, Cybersecurity, data breach, Global Security News, Security
Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift
Cloudflare confirms a Salesforce-linked data breach via Salesloft Drift, exposing customer support case data but leaving core systems…
Global IT News, Global Security News, Security
Palo Alto Networks, Zscaler Among Victims of Salesforce Hack
Last week, a widespread supply chain attack exposed customers’ contact information through compromised Salesforce credentials linked to compromised OAuth tokens associated with Salesloft Drift, an AI-powered, third-party application that integrates with Salesforce databases for sales workflow automation. Top security vendors confirm data breach and notify affected customers Palo Alto Networks and Zscaler have confirmed that…
Global Security News, Security
Cloudflare hit by data breach in Salesloft Drift supply chain attack
Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. […]
Breaking News, CloudFlare, cyber crime, Global Security News, hacking, Security
Cloudflare blocked a record 11.5 Tbps DDoS attack
Cloudflare blocked a record 11.5 Tbps DDoS attack, a UDP flood from Google Cloud, part of weeks-long assault waves. Cloudflare announced on X that it had blocked the largest ever DDoS attack, peaking at 11.5 Tbps. The UDP flood, mainly from Google Cloud, was part of a wave of attacks that lasted several weeks. Cloudflare…
Global Security News, Security
Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps
Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps). […]
cyber attack, cyber attacks, data breach, Exploits, Global Security News, OAuth, Security
Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches
Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at…
Global Security News, Security
Jaguar Land Rover says cyberattack ‘severely disrupted’ production
Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. […]
Global Security News, Government, Security
Pennsylvania AG Office says ransomware attack behind recent outage
The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage. […]
Global Security News, Security
Palo Alto Networks data breach exposes customer info, support tickets
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. […]
Cisco Duo, Exploits, Global Security News, Multi-Factor Authentication (MFA), Security
Closing the Backdoor in TACACS+: Why Full-Session Encryption Matters More Than Ever
Attackers exploited weak TACACS+ encryption to steal credentials and evade detection. Learn how Cisco ISE with TLS 1.3 and Duo MFA closes these backdoors.
AI, Artificial Intelligence, Global Security News, leaks, privacy, Security
Leaked ChatGPT Chats: Users Treat AI as Therapist, Lawyer, Confidant
Leaked ChatGPT chats reveal users sharing sensitive data, resumes, and seeking advice on mental health, exposing risks of…
APT, cyber attack, Cybersecurity, Global Security News, malware, Security
Silver Fox APT Exploits Signed Windows Driver to Deliver ValleyRAT
Check Point reports Silver Fox APT using a signed WatchDog driver flaw to disable Windows security and deliver…
Cybersecurity, Global Security News, Security, SOC, Threat Intelligence
How Live Threat Intelligence Cuts Cybersecurity Expenses
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
AI, Artificial Intelligence, chatbot, Cybersecurity, Exploits, Global Security News, Security
Hidden Commands in Images Exploit AI Chatbots and Steal Data
Hidden commands in images can exploit AI chatbots, leading to data theft on platforms like Gemini through a…
Breaking News, cyber crime, Cybercrime, data breach, Exploits, Global Security News, Security
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise. Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat…
cyber attack, Cybersecurity, Global Security News, malware, Security
North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign.…
Global Security News, Security
Zscaler data breach exposes customer info after Salesloft Drift compromise
Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. […]
Global Security News, Security
Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. […]
Breaking News, cyber crime, Global Security News, malware, Security
Crooks exploit Meta malvertising to target Android users with Brokewell
Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. “Bitdefender researchers recently uncovered a wave of malicious ads on Facebook…
Artificial Intelligence (AI), Global Security News, Security, Security for AI
Detecting Exposed LLM Servers: A Shodan Case Study on Ollama
We uncovered 1,100+ exposed Ollama LLM servers—20% with open models—revealing critical security gaps and the need for better LLM threat monitoring.
Amazon, AWS, cyber attacks, Global Security News, Security
Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication
Amazon has disrupted a Russian APT29 watering hole campaign that used compromised sites to target Microsoft authentication with…
APT, Global Security News, hacking, malware, Security
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…
Global Security News, Security
BSI: Bei Digital-Produkten auch auf Ausfallrisiken achten
srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?quality=50&strip=all 2496w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=300%2C172&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=768%2C441&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=1024%2C587&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=1536%2C881&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=2048%2C1175&quality=50&strip=all 2048w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=1215%2C697&quality=50&strip=all 1215w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=293%2C168&quality=50&strip=all 293w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=146%2C84&quality=50&strip=all 146w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=837%2C480&quality=50&strip=all 837w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=627%2C360&quality=50&strip=all 627w, https://b2b-contenthub.com/wp-content/uploads/2025/02/Bildschirmfoto-2025-02-24-um-14.59.14.png?resize=436%2C250&quality=50&strip=all 436w” width=”1024″ height=”587″ sizes=”auto, (max-width: 1024px) 100vw, 1024px”>Das BSI empfiehlt Nutzern von digitalen Produkten darauf zu achten, wie der Hersteller mit Sicherheitsrisiken umgeht. KorArkaR – Shutterstock.com Das Bundesamt für Sicherheit in der…
Global Security News, Security
Brokewell Android malware delivered through fake TradingView ads
Cybercriminals are abusing Meta’s advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. […]