Active Directory serves as the central repository for an organization’s authentication infrastructure, making it a prime target for sophisticated threat actors. The NTDS.dit database, which stores encrypted password hashes and critical domain configuration data, is the crown jewel of enterprise…
Category: EN
CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical server-side request forgery (SSRF) vulnerability affecting GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2021-39935, is now confirmed to be under…
Fresh SolarWinds Vulnerability Exploited in Attacks
The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. The post Fresh SolarWinds Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fresh SolarWinds Vulnerability…
Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks
Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week. The post Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Avast brings deepfake scam detection to Windows PCs and mobile devices
Avast announced the full international availability of Avast Scam Guardian and Scam Guardian Pro on mobile devices, alongside the launch of Avast Deepfake Guard on Windows PCs, a new AI-powered feature designed to proactively analyze and detect malicious audio in…
Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic
Apple released Xcode 26.3 with new agentic coding capabilities designed to let AI systems carry out development tasks inside the IDE. The release supports agents such as Anthropic’s Claude Agent and OpenAI’s Codex. Coding agents can break down tasks, make…
Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises
ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original…
Threat Actors Conduct Widespread Scanning for Exposed Citrix NetScaler Login Pages
A coordinated reconnaissance campaign targeting Citrix ADC (NetScaler) Gateway infrastructure worldwide. The operation used over 63,000 residential proxy IPs and AWS cloud infrastructure to map login panels and enumerate software versions, a clear indicator of pre-exploitation preparation. The scanning activity…
Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks
Wiz and Permiso have analyzed the AI agent social network and found serious security issues and threats. The post Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks appeared first on SecurityWeek. This article has been indexed…
Alert Fatigue: Why SOCs Are Fighting the Wrong Battle
Alert fatigue hides the real problem: Legacy SOC models can’t detect modern threats. Why alert-driven security fails and what replaces it. The post Alert Fatigue: Why SOCs Are Fighting the Wrong Battle appeared first on Security Boulevard. This article has…
Rebrand Cybersecurity from “Dr. No” to “Let’s Go”
Cybersecurity shouldn’t block mission outcomes. Cross Domain Solutions show how secure data access enables speed, trust and better decisions. The post Rebrand Cybersecurity from “Dr. No” to “Let’s Go” appeared first on Security Boulevard. This article has been indexed from…
Fingerprint enables enterprises to tell trusted AI agents apart from bots and scrapers
Fingerprint has released Authorized AI Agent Detection, its new ecosystem of AI agents, including OpenAI, AWS AgentCore, Browserbase, Manus and Anchor Browser. The ecosystem enables enterprises to detect authorized agentic AI traffic with 100% certainty, allowing organizations to distinguish trusted,…
Socure unifies identity, fraud, and program integrity for government at scale
Socure has released Socure for Government (SocureGov) RiskOS to help public sector organizations deliver simpler, faster, and more transparent digital identity verification and fraud prevention at scale. SocureGov RiskOS unifies identity proofing, fraud detection, and program integrity into a single…
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant’s Defender Security Research Team said it observed…
CISA Adds SolarWinds Web Help Desk RCE Flaw to Known Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability CVE‑2025‑40551 affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is rated critical because it enables remote code execution (RCE) and can be exploited without authentication. According…
Chrome Vulnerabilities Let Attackers Execute Arbitrary Code and Crash System
Google has released a critical security update for the Chrome Stable channel, addressing two high-severity vulnerabilities that expose users to potential arbitrary code execution (ACE) and denial-of-service (DoS) attacks. The update pushes the browser version to 144.0.7559.132/.133 for Windows and…
AI is Supercharging Work…and Your Attack Surface
AI boosts productivity, but weak data governance and shadow AI are expanding the enterprise attack surface. The post AI is Supercharging Work…and Your Attack Surface appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the…
Building a Zero-Trust Framework for Cloud Banking
Zero-trust architecture helps banks secure cloud environments, meet regulations, and scale innovation through identity-first security. The post Building a Zero-Trust Framework for Cloud Banking appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Detectify Internal Scanning finds and fixes vulnerabilities behind the firewall
Detectify has launched Internal Scanning, a solution that eliminates the visibility gap between external perimeters and internal environments, allowing security teams to discover and remediate vulnerabilities behind the firewall with the same speed and precision they apply to external assets.…
Metro bug, more social bans, leaky Moltbook
React Native Metro bug impacts thousands of servers Greece and Spain set to ban social media for kids Moltbook shows the dangers of vibe coding Get the show notes here: https://cisoseries.com/cybersecurity-news-metro-bug-more-social-bans-leaky-moltbook/ Huge thanks to our sponsor, Strike48 Security teams are…