Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The lis…
Shadow IT Is Expanding Your Attack Surface. Here’s Proof
Shadow IT – the systems your security team doesn’t know about – is a persistent challenge. Policies may ban them, but…
Cisco IMC Virtual Keyboard Video Monitor Let Attacker Direct User to Malicious Website
Cisco disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated…
TransUnion suffers data breach impacting over 4.4 million people
Update: Story updated with confirmation that this was another Salesforce data theft attack and the types of data stolen. Consumer credit…
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world,…
Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
Dutch intelligence agencies have revealed that the Chinese hacking group Salt Typhoon targeted organizations in the Netherlands. In a joint…
ShadowSilk Leveraging Penetration-Testing Tools, Public Exploits to Attack Organizations
ShadowSilk first surfaced in late 2023 as a sophisticated threat cluster targeting government entities across Central Asia and the broader…
UK and US Blame Three Chinese Tech Firms for Global Cyberattacks
A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked three…
Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already…
You Can’t Protect What You Can’t See
A business ecosystem is a borderless entity. Where organizations operate across vast, global networks, achieving a comprehensive view of their…
Malicious VS Code Extensions Exploit Name Reuse Loophole
A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows…
Google Big Sleep AI Tool Finds Critical Chrome Vulnerability
Google has patched a critical graphics library vulnerability in the Chrome browser, discovered by its AI-powered detection tool, Google Big…
Cloudflare Launches MCP Server Portals – A Unified Gateway to All MCP Servers
Cloudflare today launched MCP Server Portals in open beta, a groundbreaking capability designed to centralize, secure, and observe all Model…
Nevada Confirms Ransomware Attack, State Data Stolen
A security incident impacting the state of Nevada has been confirmed to be a ransomware attack. Nevada’s chief information officer (CIO)…
Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a…
When Best Practices Aren’t Enough: UK Breaches Underscore the Importance of Compromise Assessments
Despite extensive guidance from national authorities, several prominent UK organizations have recently suffered significant cyber attacks.…
Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them
Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens…
Vulnerabilities in OpenSolution QuickCMS software
CVE ID CVE-2025-54540 Publication date 28 August 2025 Vendor OpenSolution Product QuickCMS Vulnerable versions 6.8 Vulnerability type (CWE)…
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the…
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns
The UK, US and partners from across the globe have released a new report on the notorious Chinese APT group Salt Typhoon, claiming it has…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has…
Cisco Warns of High-Severity DoS Flaw (CVE-2025-20241) in Nexus Switches
Ddos August 28, 2025 Cisco Systems has published a security advisory detailing a high-severity denial-of-service (DoS) vulnerability affecting…
Chinese State Hackers Target Global Critical Infrastructure, NSA Warns
A coalition of cybersecurity and intelligence agencies from across the globe, including the United States National Security Agency (NSA), has…
Crypto Companies Freeze $47m in Romance Baiting Funds
Several cryptocurrency companies have come together to prevent nearly $50m stolen via “romance baiting” (pig butchering) scammers…
U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two…
Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure
A threat actor has destroyed data and backups following exfiltration in a victim’s Microsoft Azure environment in a novel cloud-based…
Someone Created First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.…
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion…
CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical…
NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation
NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow…
IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript
A stored cross-site scripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as…
Emulating the Expedited Warlock Ransomware
Introduction Warlock is a ransomware strain operating under the Ransomware-as-a-Service (RaaS) model that emerged in June 2025, following an…
PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309)
A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability…
28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide.…
CMMC 2.0 Final Rule Released – Get Prepared Now!
In a significant step to secure the defense industrial base (DIB), the Department of Defense (DoD) has officially released the…
Cross-domain Solutions: The Present and Future of a Growing Industry
Cross-domain solutions (CDS) consist of the secure exchange of information between security domains. This type of solution, which emerged as a…
Innovator Spotlight: CSide
August 27, 2025 Securing the Browser’s Blind Spot By Victoria Hargrove, CDM Reporter What CSide Does Most security stacks fortify…
New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices
A novel phishing campaign attempts to trick victims into downloading ConnectWise ScreenConnect remote monitoring and management (RMM)…
New Data Theft Campaign Targets Salesforce via Salesloft App
Salesforce customers have again been targeted in a “widespread data theft campaign,” this time via compromised OAuth tokens…
ENISA to Coordinate €36m EU-Wide Incident Response Scheme
The EU’s security agency is being given €36m ($42m) to handle incident response for major cyber-attacks targeting the bloc. ENISA…
Citrix Patches Three NetScaler Zero Days as One Sees Active Exploitation
Citrix has released patches for three zero-day vulnerabilities in NetScaler ADC and Gateway, one of which was already being exploited by…
ShadowSilk Campaign Targets Central Asian Governments
A series of cyber-attacks against government organizations in Central Asia and the Asia-Pacific has been linked to a threat cluster known as…
Nevada “Network Security Incident” Shuts Down State Offices and Services
The State of Nevada has been hit by a “network security incident,” which has resulted in the closure of government offices and…