Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root privileges. CVE ID Vulnerability Type Affected Product Impact CVE-2025-64446…
CrowdStrike Fires Employee for Leaking Internal System Info to Hackers
Cybersecurity giant CrowdStrike has terminated an employee who allegedly shared sensitive internal system information with a notorious hacking collective. The incident involved the leak of internal screenshots posted on a public Telegram channel operated by the threat group known as…
Hackers Use Salesforce Gainsight Breach to Access Data from More Than 200 Companies
Salesforce has disclosed a significant security incident involving unauthorized access to customer data through compromised Gainsight-published applications. The breach, detected in mid-November 2025, potentially exposed sensitive information from over 200 organizations that use the customer success platform integrated with Salesforce.…
CISA Issues Warning as Hackers Target Oracle Identity Manager RCE Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Oracle vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world attacks. The bug, tracked as CVE-2025-61757, affects Oracle Identity Manager,…
GlobalLogic Moves to Protect Workforce After Oracle-related Data Theft
A new disclosure that underscores the increasing sophistication of enterprise-level cyberattacks underscores the need to take proactive measures against them. GlobalLogic has begun notifying more than ten thousand of its current and former employees that their personal information was…
DanaBot Malware Resurfaces With New Variant After Operation Endgame Disruption
Despite a coordinated international takedown earlier this year, the DanaBot malware has returned with a newly upgraded version, signaling yet another resurgence of a threat that has repeatedly evaded permanent shutdown. The fresh discovery comes roughly six months after…
GlobalLogic Moves to Protect Workforce After Oracle-Related Data Theft
A new disclosure that underscores the increasing sophistication of enterprise-level cyberattacks underscores the need to take proactive measures against them. GlobalLogic has begun notifying more than ten thousand of its current and former employees that their personal information was…
65% of Top AI Companies Leak Secrets on GitHub
Leading AI companies continue to face significant cybersecurity challenges, particularly in protecting sensitive information, as highlighted in recent research from Wiz. The study focused on the Forbes top 50 AI firms, revealing that 65% of them were found to…
The Security Landscape of Mobile Apps in Africa
CyLab-Africa researchers partner with mobile security provider for summer collaboration experience Researchers from CyLab-Africa and the Upanzi Network recently partnered with the mobile security provider Approov to explore the security of common financial services apps used across Africa. After surveying 224 popular financial applications,…
US Border Patrol Is Spying on Millions of American Drivers
Plus: The SEC lets SolarWinds off the hook, Microsoft stops a historic DDoS attack, and FBI documents reveal the agency spied on an immigration activist Signal group in New York City. This article has been indexed from Security Latest Read…
U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a an Oracle Fusion Middleware flaw, tracked as CVE-2025-61757 (CVSS score of 9.8), to its Known…
ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach
A sophisticated supply chain attack has reportedly compromised data across hundreds of organizations, linking the breach to a critical integration between customer success platform Gainsight and CRM giant Salesforce. The notorious hacking collective ShinyHunters is claiming responsibility for the intrusion,…
IT Security News Hourly Summary 2025-11-22 09h : 2 posts
2 posts were published in the last hour 8:2 : CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability 8:2 : Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8),…
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects…
Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination
A former IT contractor from Ohio has admitted to launching a cyberattack against his employer’s network in retaliation for being terminated, federal prosecutors announced this week. Maxwell Schultz, 35, of Columbus, Ohio, pleaded guilty to computer fraud charges after leading…
Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities
The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet’s FortiWeb Web Application Firewall (WAF). This module chains two recently disclosed flaws, CVE-2025-64446 and CVE-2025-58034, to achieve unauthenticated Remote Code Execution (RCE) with root privileges. The release follows reports of…
MY TAKE: Carol Sturka declares ‘I have agency!’ — Big Tech’s AI models now testing that claim
It was a tense moment in Episode 4 of Pluribus, the Apple TV series about a world linked by a single intelligence. Related: Mistaking pattern mastery for wisdom A character named Carol Sturka, surrounded by a seemingly benevolent collective ……
Understanding Cybersecurity Threats: Insights from Intelligence Experts
In this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major…
IT Security News Hourly Summary 2025-11-22 06h : 5 posts
5 posts were published in the last hour 5:4 : CrowdStrike Fires Insider for Sharing Internal System Details with Hackers 5:4 : What makes NHIs support systems more secure 5:4 : How NHIs are tailored to handle specific enterprise needs…
CrowdStrike Fires Insider for Sharing Internal System Details with Hackers
Cybersecurity giant CrowdStrike has confirmed the termination of an insider who allegedly provided sensitive internal system details to a notorious hacking collective. The incident, which came to light late Thursday and Friday morning, involved the leak of internal screenshots on…
What makes NHIs support systems more secure
How Do Non-Human Identities Transform Security Frameworks? How can organizations maneuver to ensure their support systems remain impenetrable? The answer lies in Non-Human Identities (NHIs). While more businesses migrate to cloud-based environments, the management of NHIs becomes pivotal in securing…
How NHIs are tailored to handle specific enterprise needs
Are Non-Human Identities (NHIs) the Missing Piece in Your Enterprise’s Cybersecurity Strategy? Organizations are increasingly reliant on Non-Human Identities (NHIs) for managing security and access needs. But how exactly do NHIs address specific enterprise needs, and what strategic role do…
How can I ensure secure interactions between Agentic AI systems?
What Are Non-Human Identities in Cybersecurity, and How Can They Be Managed? How can organizations ensure robust security for their machine identities, commonly known as Non-Human Identities (NHIs)? These identities are critical in protecting sensitive data and maintaining a secure…