Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact information stored in its Salesforce CRM. The company confirmed that the incident was limited to…
Category: Cyber Security News
Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack
A severe vulnerability in Windows Defender’s update process allows attackers with administrator privileges to disable the security service and manipulate its core files. The technique, which leverages a flaw in how Defender selects its execution folder, can be carried out…
Progress OpenEdge AdminServer Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. The flaw, identified as CVE-2025-7388, allows for remote code execution (RCE) and affects multiple versions of the software, potentially enabling attackers to…
Venezuela’s Maduro Says Huawei Mate X6 Gift From China is Unhackable by U.S. Spies
In Caracas this week, President Nicolás Maduro unveiled the Huawei Mate X6 gifted by China’s Xi Jinping, declaring the device impervious to U.S. espionage efforts. The announcement coincides with heightened tensions between Washington and Beijing, as the United States enforces…
PoC Exploit Released for ImageMagick RCE Vulnerability – Update Now
A proof-of-concept (PoC) exploit has been released for a critical remote code execution (RCE) vulnerability in ImageMagick 7’s MagickCore subsystem, specifically affecting the blob I/O (BlobStream) implementation. Security researchers and the ImageMagick team urge all users and organizations to update immediately to prevent exploitation.…
PgAdmin Vulnerability Lets Attackers Gain Unauthorised Account Access
A significant security flaw has been discovered in pgAdmin, the widely used open-source administration and development platform for PostgreSQL databases. The vulnerability, tracked as CVE-2025-9636, affects all pgAdmin versions up to and including 9.7, potentially allowing remote attackers to gain…
Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution
Cybersecurity researchers have demonstrated a sophisticated technique for bypassing Web Application Firewalls (WAFs) using JavaScript injection combined with HTTP parameter pollution, exposing critical vulnerabilities in modern web security infrastructure. The research, conducted during an autonomous penetration test, revealed how attackers…
Apache Jackrabbit Exposes Systems To Arbitrary Code Execution Attacks
An important security vulnerability has been discovered in Apache Jackrabbit, a popular open-source content repository used in enterprise content management systems and web applications. This flaw could allow unauthenticated attackers to achieve arbitrary code execution (RCE) on servers running vulnerable…
Microsoft Azure Cloud Disrupted by Undersea Cable Cuts in Red Sea
Microsoft’s Azure cloud platform is facing significant disruptions after multiple undersea fiber optic cables were severed in the Red Sea. The US technology giant confirmed that users would experience delays and increased latency for services relying on internet traffic moving…
Salesloft Drift Cyberattack Linked to GitHub Compromise and OAuth Token Theft
A sophisticated supply-chain attack that impacted over 700 organizations, including major cybersecurity firms, has been traced back to a compromise of Salesloft’s GitHub account that began as early as March 2025. In an update on September 6, 2025, Salesloft confirmed…
Australian Authorities Uncovered Activities and Careers of Ransomware Criminal Groups
Ransomware has emerged as one of the most devastating cybercrime threats in the contemporary digital landscape, with criminal organizations operating sophisticated billion-dollar enterprises that target critical infrastructure across multiple nations. Between 2020 and 2022, ransomware groups conducted over 865 documented…
Atomic Stealer Disguised as Cracked Software Attacking macOS Users
A sophisticated malware campaign targeting macOS users has emerged, exploiting the widespread desire for free software to deliver the notorious Atomic macOS Stealer (AMOS). This information-stealing malware masquerades as cracked versions of popular applications, tricking unsuspecting users into compromising their…
U.S. Authorities Investigating Malicious Email Targeting Trade Talks with China
U.S. federal authorities have launched an investigation into a sophisticated malware campaign that targeted sensitive trade negotiations between Washington and Beijing. The attack, which surfaced in July 2025, involved fraudulent emails purportedly sent by Representative John Moolenaar, chairman of the…
How Microsoft Azure Storage Logs Aid Forensics Following a Security Breach
After a security breach, forensic investigators work quickly to follow the attacker’s trail. Security experts have analyzed this situation and found that a key source of evidence is often overlooked: Microsoft Azure Storage logs. While frequently overlooked, these logs provide…
Tenable Confirms Data Breach – Hackers Accessed Customers’ Contact Details
Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers. The company stated the incident is part of a broader data theft campaign targeting an integration between Salesforce and the…
Lazarus APT Hackers Using ClickFix Technique to Steal Sensitive Intelligence Data
The notorious Lazarus APT group has evolved its attack methodology by incorporating the increasingly popular ClickFix social engineering technique to distribute malware and steal sensitive intelligence data from targeted organizations. This North Korean-linked threat actor, internally tracked as APT-Q-1 by…
Weekly Cybersecurity News Recap : Palo Alto Networks, Zscaler, Jaguar Land Rover, and Cyber Attacks
Welcome to your weekly cybersecurity briefing. In a digital landscape where the only constant is change, this past week has been a stark reminder that vigilance is not just a best practice, but a necessity for survival. From corporate giants…
Top 10 Best AI Penetration Testing Companies in 2025
AI is no longer just a buzzword; it’s a fundamental part of business operations, from customer service chatbots to complex financial models. However, this adoption has created a new and specialized attack surface. Traditional penetration testing, which focuses on network…
10 Best Cloud Penetration Testing Companies in 2025
As more businesses migrate their infrastructure to the cloud, cloud penetration testing has become a critical service. Unlike traditional network tests, cloud pentesting focuses on unique attack vectors such as misconfigured services, insecure APIs, and overly permissive IAM (Identity and…
“GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload
A sophisticated malware campaign, dubbed “GPUGate,” abuses Google Ads and GitHub’s repository structure to trick users into downloading malicious software. The Arctic Wolf Cybersecurity Operations Center, the attack chain uses a novel technique to evade security analysis by leveraging a…