For years, primarily driven by regulatory compliance mandates, such as the Sarbanes-Oxley Act of 2002, identity and access management has been treated as a regulatory compliance exercise, rather than the security exercise it should be — and simply checking off…
Category: EN
French Telco Orange Hit by Cyber-Attack
Some of Orange’s professional and consumer services may be disrupted for a few days because of the cyber incident This article has been indexed from www.infosecurity-magazine.com Read the original article: French Telco Orange Hit by Cyber-Attack
New XWorm V6 Variant with Anti-Analysis Features Targeting Windows Users in Active Attacks
Netskope Threat Labs has uncovered a new iteration of the XWorm malware, version 6.0, which demonstrates ongoing development by threat actors and introduces sophisticated enhancements aimed at evading detection and maintaining persistence on Windows systems. This variant builds upon previously…
Own a Samsung phone? Changing these 7 settings will drastically improve the battery life
Your Samsung phone may already hold a solid charge, but with a handful of smart setting changes, you can make that battery last even longer. This article has been indexed from Latest news Read the original article: Own a Samsung…
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject…
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. “The vulnerability we discovered was remarkably simple to exploit — by…
Lazarus Subgroup ‘TraderTraitor’ Targets Cloud Platforms and Contaminates Supply Chains
The North Korean state-sponsored advanced persistent threat (APT) known as TraderTraitor, a subgroup of the notorious Lazarus Group, has emerged as a formidable actor specializing in digital asset heists. Tracked under aliases such as UNC4899, Jade Sleet, TA444, and Slow…
Why Most IaC Strategies Still Fail (And How to Fix Them)
Infrastructure as Code (IaC) was supposed to solve the chaos of cloud operations. It promised visibility, governance, and the ability to scale infrastructure with confidence. But for many teams, the reality is far from ideal. Instead of clarity and control,…
Cyberattack on EC-Ship Platform Exposes Personal Data of Thousands
Hong Kong, China — A recent cyberattack on Hongkong Post’s online mailing system has resulted in a major data breach affecting tens of thousands of users. According to officials, the hacker managed to access sensitive contact information from the EC-Ship…
Allianz Life Data Breach Hits 1.4 Million Customers
Allianz Life Insurance confirms a July 2025 data breach impacting 1.4 million customers, financial pros and employees. Learn how social engineering exploited a third-party CRM, the hallmarks of Scattered Spider tactics, and the broader risks of supply chain vulnerabilities. This…
Telecom giant Orange warns of disruption amid ongoing cyberattack
The telecom giant, one of the largest in the world with customers in Europe and Africa, said customers are experiencing ongoing disruption to its services due to an unspecified hack. This article has been indexed from Security News | TechCrunch…
Saviynt Accelerates Global Expansion in Europe, Asia Pacific, Japan, and the Middle East
Identity security leader Saviynt has announced a major global expansion, opening new offices in London and Singapore, launching dedicated customer operations in Europe, and preparing for a significantly larger presence in India. The moves come amid growing demand for its…
SonicWall SMA100 Series N-day Vulnerabilities Technical Details Revealed
Multiple critical vulnerabilities affecting SonicWall’s SMA100 series SSL-VPN appliances, highlighting persistent security flaws in network infrastructure devices. The vulnerabilities, designated CVE-2025-40596, CVE-2025-40597, and CVE-2025-40598, demonstrate fundamental programming errors that enable pre-authentication attacks against firmware version 10.2.1.15. Key Takeaways1. Stack overflow,…
Critical CodeIgniter Vulnerability Exposes Million of Webapps to File Upload Attacks
A critical security vulnerability has been discovered in CodeIgniter4’s ImageMagick handler, exposing potentially millions of web applications to command injection attacks through malicious file uploads. The vulnerability, tracked as CVE-2025-54418, received a CVSS score of 9.8, indicating the highest severity…
Microsoft Teams New Meeting Join Bar Reminds You to Join Meeting On-time
Microsoft Teams is rolling out a significant enhancement to its meeting experience with the introduction of a new meeting join banner designed to streamline user access to scheduled meetings. The feature, identified by message code MC1115979, represents Microsoft’s continued effort…
SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak
Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents,…
Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
Flaw in Base44 allowed unauthorized access to private apps, bypassing authentication systems This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
On May 30th, 2025, we received a submission for an Arbitrary File Upload via Plugin Installation vulnerability in Alone, a WordPress theme with more than 9,000 sales. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files…
Unveiling the Lumma Password Stealer Attack: Infection Chain and Escalation Tactics Exposed
Lumma, a sophisticated C++-based information stealer, has surged in prevalence over recent years, posing significant risks to both individuals and organizations by exfiltrating sensitive data such as browser credentials, cryptocurrency wallets, and personal files. Developed since December 2022 and distributed…
I tested Dell’s XPS successor, and it beat my $3,000 Windows laptop in almost every way
Dell’s Premium 16 carries the XPS legacy forward, pairing high-end internals with a gorgeous 4K touch display in a refined, modern design. This article has been indexed from Latest news Read the original article: I tested Dell’s XPS successor, and…