Extortion Emails Sent to Executives by Self-Proclaimed Clop Gang Member
An individual or group of people claiming to be working with the Clop ransomware has been sending extortion emails to executives at several…
Expired US Cyber Law Puts Data Sharing and Threat Response at Risk
A critical US law that shields companies from legal liability when sharing cyber threat intelligence has expired after lawmakers failed to…
Forrester: Agentic AI-Powered Breach Will Happen in 2026
An agentic AI deployment will cause a publicly disclosed data breach next year, leading to employee dismissals, Forrester has predicted.…
Samsung and OpenAI Announce Strategic Alliance to Build Next-Generation Global AI Infrastructure
Samsung data breach Samsung has announced a strategic partnership with OpenAI to jointly advance the development of global AI infrastructure.…
Qualcomm Wins “Complete Victory” Over Arm in Major Chip Licensing Lawsuit
The long-standing licensing dispute between Qualcomm and Arm has finally reached its conclusion. On October 1, a U.S. District Court formally…
Django Security Alert: High-Severity SQL Injection Flaw (CVE-2025-59681) Fixed in Latest Updates
The Django team has issued new releases for the popular Python web framework, addressing two that could lead to SQL injection and directory…
Cyber Brief 25-10 – September 2025
Cyber Brief (September 2025)October 1, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 285 open source reports for this Cyber Security…
Navigating Holiday Threats: Strengthening PC Resilience with Desktops as a Service (DaaS)
The holiday season, often seen as a time for joy and celebration, has transformed into a crucial period for organizational cybersecurity. With…
Harrods Reveals Supply Chain Breach Impacting Online Customers
Luxury London department store Harrods has revealed that some of its e-commerce customers have had their personal information stolen via a…
SUSE Rancher Security Team Patches Three Vulnerabilities in Rancher Manager
The SUSE Rancher Team has issued fixes for three affecting Rancher Manager, with severities ranging from Medium to High. These could lead to…
Prompt Injection and Model Poisoning: The New Plagues of AI Security
You wake up. Your AI wakes up. Somewhere, a stranger types a sentence, and your AI listens. This is not science fiction. This is the…
Cybersecurity Weekly – Chrome 0-Day, 22.2 Tbps DDOS Attack, Kali Linux Release, Cisco IOS 0-Day and More
This week in cybersecurity was marked by a relentless pace of critical disclosures and unprecedented attack volumes, underscoring the…
Critical Salesforce Vulnerability ‘ForcedLeak’ Exposes AI Agent Risks in AgentForce
A recently disclosed security research report has revealed a severe vulnerability chain in Salesforce AgentForce, dubbed ForcedLeak, which…
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed…
2025 Ransomware Trends: How Australia’s Wealth Makes It a Prime Target
Australia’s strong economy and high per-capita wealth have made it a prime target for ransomware groups, with the country facing a…
New LockBit Ransomware Variant Emerges as Most Dangerous Yet
Trend Micro has identified a new LockBit ransomware variant that is “significantly more dangerous” than previous versions and is being…
Critical Security Flaws Grow with AI Use, New Report Shows
A sharp increase in hardware, API and network vulnerabilities is exposing organizations to new risks, according to Inside the Mind of a CISO…
Kawa4096: A New Ransomware Group with Akira-Style Branding and Qilin-Like Notes
In June 2025, a new ransomware group known as Kawa4096 surfaced, launching disruptive attacks against multinational organizations in finance,…
VMScape attack | Kaspersky official blog
A team of researchers at the Swiss Federal Institute of Technology in Zurich (ETH Zurich) has published a research paper demonstrating how a…
Why the Cybersecurity Talent Shortage is a Global Threat
In the era of digital transformation, where data flows across borders and devices, data security is paramount. Cyberattacks are no longer…
JWT Warfare: Obfuscation, Cracking, and Red Team Exploits | Cyber Codex
What is JWT?JWT (JSON Web Token) is a compact, URL-safe method of representing claims between two parties. It is used mostly in stateless…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
Researchers Uncover Link Between Belsen and ZeroSeven Cybercriminal Groups
Cybersecurity researchers have identified a potential connection between two Yemen-based cybercriminal organizations, the Belsen Group and…
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in…
GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware
The cyberthreat landscape has witnessed the emergence of another sophisticated ransomware operation as GOLD SALEM, a new threat actor group…
New York Blood Center Alerts 194,000 People to Data Breach
The New York Blood Center (NYBCe) has confirmed that nearly 194,000 people were affected by a data breach earlier this year. According to the…
SonicWall says attackers compromised some firewall configuration backup files
Between attackers exploiting 0-day and n-day vulnerabilities in the company’s firewalls and Secure Mobile Access appliances, SonicWall…
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting…
SonicWall Discloses Compromise of Cloud Backup Service
Cybersecurity vendor SonicWall has disclosed a security incident affecting its cloud backup service for firewalls. An investigation found that…
VC Firm Insight Partners Notifies Victims After Ransomware Breach
A leading venture capital (VC) firm has revealed more details of a 2024 ransomware breach that impacted thousands of individuals. Insight…
SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift
SolarWinds has issued a security advisory regarding a major Salesforce data breach that exposed sensitive information from numerous companies…
Phoenix (CVE-2025-6202): A New Rowhammer Attack Bypasses DDR5 Protections
Researchers from ETH Zurich have unveiled Phoenix, a new Rowhammer attack that successfully bypasses in-DRAM mitigations in all tested SK…
TaskUs Employees Behind Coinbase Breach, US Court Filing Alleges
A court filing has identified an employee at business process outsourcing firm TaskUs as the key conspirator in a large-scale data breach…
Protecting CISOs and CSOs in an Era of Personal Liability
Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) face unprecedented pressures, not only from the evolving threat…
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection…
Gucci and Alexander McQueen Hit by Customer Data Breach
Luxury fashion brands Gucci, Alexander McQueen and Balenciaga have suffered a customer data breach, in another attack linked to the…
Bridging the Cybersecurity Talent Gap
There’s no doubt about it. Cybersecurity incidents are rising. In 2024, the FBI reported a 9% increase in ransomware…
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
Background RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests…
FinWise Bank Warns of Insider Data Breach
A US fintech player has notified customers that their personal information may have been compromised after a former employee accessed it. The…
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)
The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable…
A CISO’s Guide to Managing Cyber Risk in Healthcare
Now more than ever before, our healthcare data is under attack. Of all of the sensitive information available on the dark web, medical records…
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two…