ShadowV2 Botnet Exposes Rise of DDoS-as-a-service Platforms
A new campaign that combines traditional malware with modern DevOps tooling has been observed by cybersecurity analysts. The ShadowV2 DDoS…
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part…
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE
SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could…
Iranian Hacking Group Nimbus Manticore Expands European Targeting
A long-running cyber-espionage campaign tied to Iran has intensified its operations in Europe. The group, known as Nimbus Manticore, has a…
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of…
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service…
Organizations Must Update Defenses to Scattered Spider Tactics, Experts Urge
Organizations must urgently update their defenses to protect against tactics deployed by the Scattered Spider hacking collective this year,…
How to Gain Control of AI Agents and Non-Human Identities
We hear this a lot: "We've got hundreds of service accounts and AI agents running in the background. We didn't create most of them. We don't…
Microsoft Entra ID Exposed: Actor Token Flaw Enables Stealthy Global Admin Takeove
A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed…
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any…
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak…
Intel’s Arc GPUs Are Safe, But a “Murky Future” Looms
With NVIDIA’s announcement of a $5 billion investment in Intel and confirmation that the two companies will jointly develop…
Why Outdated Corporate Networks Are Analogous to the Aging U.S. Highway System
“Necessity is the mother of invention” has never been more fitting—whether you’re talking about America’s…
Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control
A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant…
SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift
SolarWinds has issued a security advisory regarding a major Salesforce data breach that exposed sensitive information from numerous companies…
Critical CVEs in Chaos-Mesh Enable In-Cluster Code Execution
Multiple CVEs in the Chaos-Mesh platform have been discovered, including three critical vulnerabilities that allow in-cluster attackers to run…
Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault…
Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets
For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a…
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead…
Bridging the Cybersecurity Talent Gap
There’s no doubt about it. Cybersecurity incidents are rising. In 2024, the FBI reported a 9% increase in ransomware…
OpenAI’s New Grove Incubator Is Building the Next Generation of AI Startups
OpenAI recently unveiled its internal incubation initiative, OpenAI Grove. Unlike traditional startup accelerators or incubator programs,…
Phishing Campaigns Drop RMM Tools for Remote Access
Malicious actors are using multiple lures in new phishing campaigns designed to install remote monitoring and management (RMM) software onto…
Microsoft Copilot to Be Powered by Two AIs: OpenAI and Now Anthropic
Ddos September 11, 2025 The Information has reported that Microsoft is preparing to announce, within the coming weeks, the integration of…
KillSec Ransomware Hits Brazilian Healthcare IT Vendor
A ransomware attack claimed by the group KillSec has disrupted MedicSolution, a software provider serving Brazil’s healthcare sector. On…
The September 2025 Security Update Review
There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe…
Microsoft September 2025 Patch Tuesday – 81 Vulnerabilities Fixed Including 22 RCE
Microsoft has released its September 2025 Patch Tuesday updates, addressing a total of 81 security vulnerabilities across its product suite.…
Exploring Key Technology Trends for 2024
Fast forward to today, and the importance of staying current with the latest tech trends can’t be overstated – it’s the…
Salty2FA Phishing Kit Unveils New Level of Sophistication
A phishing campaign leveraging the Salty2FA kit has been uncovered by cybersecurity researchers, revealing advanced techniques that highlight…
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks…
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
A major data theft campaign targeting Salesforce data via the Salesloft Drift app began after threat actors compromised a key GitHub account,…
Qualys, Tenable Latest Victims of Salesloft Drift Hack
Cybersecurity providers Tenable and Qualys are the latest in a growing list of companies affected by a significant supply chain attack…
GhostAction Supply Chain Attack Compromises 3000+ Secrets
Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already stolen more than…
Another Ryzen 9000 CPU Burnout: What’s Really Going On?
Ddos September 1, 2025 Earlier this year, reports emerged of Asrock motherboards paired with processors such as the 9800X3D suffering…
WhatsApp warns of 'attack against specific targeted users'
Infosec In brief A flaw in Meta’s WhatsApp app “may have been exploited in a sophisticated attack against specific targeted…
CVE-2025-8077 (CVSS 9.8): CRITICAL Flaw in NeuVector Exposes Kubernetes Clusters to Full Takeover
Ddos September 1, 2025 The SUSE Rancher Security Team has issued a critical security advisory for NeuVector, an open-source container security…
CVE-2024-58259: DoS Flaw in Rancher Manager Allows Unauthenticated Attackers to Crash Servers
Ddos September 1, 2025 The SUSE Rancher Security Team has issued a security advisory addressing a high-severity vulnerability in Rancher…
Week in review: 300k+ Plex Media Server instances still vulnerable to attack, exploited Git RCE flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server…
Ten Cloud-Agnostic Cybersecurity Tips for Protecting Your Data Across Platforms
When it comes to rapidly scaling operational processing power and expanding digital storage, cloud platform solutions are unmatched. Offering…
Innovator Spotlight: ManageEngine
Unifying IT Management and Security with ManageEngine In today’s digital landscape, IT can feel like juggling flaming torches, one…
Cloudflare Launches MCP Server Portals – A Unified Gateway to All MCP Servers
Cloudflare today launched MCP Server Portals in open beta, a groundbreaking capability designed to centralize, secure, and observe all Model…
Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a…
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the…