Cybersecurity firm Noma Security reveals ForcedLeak, a critical flaw in Salesforce Agentforce that allowed data theft. Learn what companies need to do now to secure AI agents. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech,…
Category: EN
BQTLOCK Ransomware Attacking Windows Users Via Telegram to Encrypt Files and Delete Backup
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since mid-July, affiliates of the service have been distributing a ZIP archive containing a malicious executable…
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. The post XCSSET evolves again: Analyzing the latest updates to XCSSET’s…
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt…
Malicious AI Agent Server Reportedly Steals Emails
The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild” This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious AI Agent Server Reportedly Steals Emails
Critical infrastructure operators putting more insecure industrial equipment on the internet
The problem isn’t limited to legacy technology. New devices are coming online with critical vulnerabilities. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Critical infrastructure operators putting more insecure industrial equipment on the…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data
Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with the Ministry of State Security (MSS) and active since at least 2019, Salt Typhoon has…
Choosing the Right C3PAO for Your CMMC Level 2 Certification
If you’re aiming for CMMC Level 2 certification, choosing the right C3PAO (Certified Third-Party Assessment Organization) is one of the most important decisions you’ll make. Here’s what you need to… The post Choosing the Right C3PAO for Your CMMC Level…
PyPI Warns Users of Fresh Phishing Campaign
Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites. The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Chatbots and Children in the Digital Age
The rapid evolution of the digital landscape, especially in the area of social networking, is likely to have an effect on the trend of children and teens seeking companionship through artificial intelligence. This raises some urgent questions about the safety…
Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors
Vietnamese phishing campaign evolves from Python infostealer to PureRAT trojan This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors
Webshells Hiding in .well-known Places, (Thu, Sep 25th)
Ever so often, I see requests for files in .well-known recorded by our honeypots. As an example: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Webshells Hiding in .well-known Places, (Thu, Sep…
Building the IoTrain
While developing the Matter workshop for DEF CON, I wondered what fun IoT project I could create that looks catchy, works well with DEF CON visitors, and is within my capabilities. One day, while walking the baby stroller, I had…
Chainguard Libraries for JavaScript provides developers with malware-free dependencies
Chainguard released Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript dependencies that are malware-resistant and built from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source,…
Microsoft spots LLM-obfuscated phishing attack
Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code…
Digital Experience Monitoring and Endpoint Posture Checks Usage in SASE
In this article, I will go through the concepts of digital experience monitoring (DEM) and Endpoint Posture Checks and discuss how these essential capabilities are integrated into the SASE framework to enforce the zero trust principle. Together, these capabilities empower…
ShadowV2 and AWS: The Rise of Cloud-Native DDoS-for-Hire Attacks
ShadowV2 exploits AWS Docker flaws to deliver advanced DDoS-for-hire attacks. The post ShadowV2 and AWS: The Rise of Cloud-Native DDoS-for-Hire Attacks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: ShadowV2 and…
Onapsis enhances SAP security with latest platform updates
Onapsis announced updates to its Onapsis Platform, including the launch of three new capabilities: the SAP Notes Command Center, Rapid Controls for Dangerous Exploits, and Alert on Anything for SAP Business Technology Platform (BTP). Together, these enhancements provide organizations with…
Playing Offside: How Threat Actors Are Warming Up for FIFA 2026
Introduction Every four years, the World Cup captures the attention of billions. With that attention comes opportunity – not only for sponsors, broadcasters, and legitimate merchants, but also for adversaries who see in this spectacle a marketplace of deception. As…