Category: Cyber Security News

Over the past year, security teams have observed an uptick in adversaries leveraging native Windows Scheduled Tasks to maintain footholds in compromised environments. Unlike elaborate rootkits or zero-day exploits, these techniques exploit built-in system functionality, enabling threat actors to persist…

Read more →

Shortly after the May 2025 rollout of 107 Copilot Agents in Microsoft 365 tenants, security specialists discovered that the “Data Access” restriction meant to block agent availability is being ignored.  Key Takeaways1. The “NoUsersCanAccessAgent” policy is bypassed, leaving some Copilot…

Read more →

The National Institute of Standards and Technology (NIST) has officially released NIST Special Publication 800-232, establishing the Ascon family of algorithms as the new standard for lightweight cryptography designed specifically for resource-constrained devices.  Published in August 2025, this groundbreaking standard…

Read more →

A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete system compromise.  The vulnerability, tracked as CVE-2025-26496 with a CVSS score of 9.6, affects multiple versions of both Tableau Server…

Read more →

A newly discovered macOS stealer, dubbed Mac.c, has surfaced on darknet forums, offering lightning-fast data exfiltration for just $1,500 per month. Developed by the threat actor “mentalpositive,” Mac.c is advertised as a streamlined alternative to the established AMOS stealer, targeting…

Read more →

On August 25, 2025, the world celebrates the 34th anniversary of Linux, marking one of the most significant milestones in computing history. What began as a humble hobby project by a 21-year-old Finnish student has evolved into the backbone of…

Read more →

A sophisticated malware strain known as KorPlug has emerged as a significant threat in the cybersecurity landscape, employing advanced obfuscation techniques to evade detection and complicate analysis efforts. This malware represents a particularly concerning development due to its implementation of…

Read more →

A sophisticated credential harvesting campaign has emerged, exploiting the trusted reputation of SendGrid to deliver phishing emails that successfully bypass traditional email security gateways. The attack leverages SendGrid’s legitimate cloud-based email service platform to create authentic-looking communications that target unsuspecting…

Read more →

A detailed proof-of-concept exploit and comprehensive vulnerability analysis have been released for CVE-2025-43300, a critical zero-click remote code execution flaw affecting Apple’s image processing infrastructure.  The vulnerability, discovered in Apple’s implementation of JPEG Lossless Decompression within the RawCamera.bundle, allows attackers…

Read more →

Microsoft is rolling out a significant new administrative control feature in mid-September 2025 that will enable IT administrators to manage organization-wide sharing permissions for user-built Copilot agents.  The feature addresses growing enterprise concerns about governance and security in AI agent…

Read more →

Incident response Tools or incident management software are essential security solutions to protect businesses and enterprises from cyber attacks. Our reliance on the internet is growing, and so make a threat to businesses, despite increased investments and expertise in cyber…

Read more →

This past week was packed with high-severity disclosures and active exploitation reports across the global threat landscape. At the forefront, Apple rushed out emergency patches for yet another zero-day vulnerability affecting iOS, iPadOS, and macOS devices. The flaw, reportedly being…

Read more →

Phishing has always been about deceiving people. But in this campaign, the attackers weren’t only targeting users; they also attempted to manipulate AI-based defenses. This is an evolution of the Gmail phishing chain I documented last week. That campaign relied…

Read more →

A significant data exposure has revealed hundreds of thousands of private user conversations with Elon Musk’s AI chatbot, Grok, in public search engine results. The incident, stemming from the platform’s “share” feature, has made sensitive user data freely accessible online,…

Read more →

A network monitoring tool is software or hardware that helps businesses monitor their computer networks and learn more about their security, health, and performance. These tools record and examine network traffic, monitor network hardware, and give users immediate access to…

Read more →

Microsoft is investigating a significant service incident within Exchange Online, identified as EX1137017, which is preventing some users from sending or receiving emails through the Outlook mobile application. The issue, which remains ongoing, specifically impacts customers utilizing Hybrid Modern Authentication…

Read more →

A significant data exposure has revealed hundreds of thousands of private user conversations with Elon Musk’s AI chatbot, Grok, in public search engine results. The incident, stemming from the platform’s “share” feature, has made sensitive user data freely accessible online,…

Read more →

Microsoft has officially confirmed that its August 2025 security update is causing significant performance problems for users of NDI (Network Device Interface) technology. Content creators, broadcasters, and IT professionals who installed the update are reporting severe lag, stuttering, and choppy…

Read more →

Microsoft has announced significant restrictions on email sending capabilities for organizations using default onmicrosoft.com domains, implementing a throttling system that limits external email delivery to 100 recipients per organization every 24 hours.  The policy change, announced through the Exchange Team…

Read more →

A method to silently exfiltrate Windows secrets and credentials, evading detection from most Endpoint Detection and Response (EDR) solutions. This technique allows attackers who have gained an initial foothold on a Windows machine to harvest credentials for lateral movement across…

Read more →