Four Kenyan filmmakers became victims of sophisticated surveillance when FlexiSPY spyware was covertly installed on their devices while in police custody, according to forensic analysis conducted by the University of Toronto’s Citizen Lab. The incident occurred on or around May…
Category: EN
Lessons from Salesforce/Salesloft Drift Data Breaches – Detailed Case Study
The Salesloft Drift data breaches of August 2025 stand as one of the most significant supply chain attacks in SaaS history, demonstrating how a single compromised integration can cascade into widespread organizational exposure. This sophisticated campaign, staged by the threat…
L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks
In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an initial 1.33 million compromised devices, employed HTTP GET floods to exhaust server resources and circumvent…
Threat Actors Leveraging Open-Source AdaptixC2 in Real-World Attacks
In early May 2025, security teams began observing a sudden rise in post-exploitation activity leveraging an open-source command-and-control framework known as AdaptixC2. Originally developed to assist penetration testers, this framework offers a range of capabilities—file system manipulation, process enumeration, and…
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called “gross cybersecurity negligence” that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks. “Without timely…
Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity
Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. To that end, support for C2PA’s…
CISA Launches Roadmap for the CVE Program
The US cybersecurity agency called for the CVE program to remain publicly maintained and vendor-neutral while emphasizing the need for broader engagement This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Launches Roadmap for the CVE Program
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
New Google AppSheet Phishing Scam Deliver Fake Trademark Notices
A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: New Google…
4 ways machines will automate your business – and it’s no hype, says Gartner
Gartner’s annual Hype Cycle report says more business decisions and transactions will be handled by machines in the coming years. This article has been indexed from Latest news Read the original article: 4 ways machines will automate your business –…
OpenAI’s fix for hallucinations is simpler than you think
A new research paper details why models make stuff up – and how to fix it across the industry. This article has been indexed from Latest news Read the original article: OpenAI’s fix for hallucinations is simpler than you think
Anti-DDoS outfit walloped by record packet flood
FastNetMon says 1.5 Gpps deluge from hijacked routers, IoT kit nearly drowned scrubbing shop A DDoS mitigation provider was given a taste of the poison it tries to prevent, after being smacked by one of the largest packet-rate attacks ever…
Siemens SIMATIC Virtualization as a Service (SIVaaS)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow…
Siemens SIMOTION Tools
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Siemens SINAMICS Drives
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Siemens Industrial Edge Management OS (IEM-OS)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
France says Apple notified victims of new spyware attacks
The French government says Apple sent out threat notifications to customers alerting them to spyware attacks earlier in September. This article has been indexed from Security News | TechCrunch Read the original article: France says Apple notified victims of new…
Microsoft’s ‘Gross Cybersecurity Negligence Threatens National Security’
Roasting Redmond for Kerberoasting: “Like an arsonist selling firefighting services,” quips this 76-year-old. The post Microsoft’s ‘Gross Cybersecurity Negligence Threatens National Security’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Microsoft’s…
Fileless Malware Deploys Advanced RAT via Legitimate Tools
A sophisticated fileless malware campaign has been observed using legitimate tools to deliver AsyncRAT executed in memory This article has been indexed from www.infosecurity-magazine.com Read the original article: Fileless Malware Deploys Advanced RAT via Legitimate Tools