CISA released one Industrial Control Systems (ICS) advisory on September 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-268-01 Dingtian DT-R002 CISA encourages users and administrators to review newly released ICS advisories…
Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata
Volvo North America disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit third-party supplier Miljödata. Volvo NA disclosed a data breach that exposed the personal data of its employees after a ransomware…
New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware
A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without…
Hackers Leverage GitHub Notifications to Mimic as Y Combinator to Steal Funds from Wallets
Cybercriminals have orchestrated a sophisticated phishing campaign exploiting GitHub’s notification system to impersonate the prestigious startup accelerator Y Combinator, targeting developers’ cryptocurrency wallets through fake funding opportunity notifications. The attack leverages GitHub’s issue tracking system to mass-distribute phishing notifications, bypassing…
When Airports Go Dark: What The Weekend’s Cyber-attacks Tell Us About Business Risk
Varun Uppal, founder and CEO of Shinobi Security. Over the weekend, airports across Europe were thrown into chaos after a cyber-attack on one of their technology suppliers rippled through airline… The post When Airports Go Dark: What The Weekend’s Cyber-attacks…
Salesforce AI Hack Enabled CRM Data Theft
Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak. The post Salesforce AI Hack Enabled CRM Data Theft appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
New SVG-based phishing campaign is a recipe for disaster
Another phishing campaign using SVG files to trick targets. This delicious-looking recipe turns out to hide malicious code. This article has been indexed from Malwarebytes.
Insight Partners Ransomware Attack Exposes Data of Thousands of Individuals
Insight Partners, a New York-based venture capital and private equity firm, is notifying thousands of individuals that their personal information was compromised in a ransomware attack. The firm initially disclosed the incident in February, confirming that the intrusion stemmed…
Jaguar Land Rover Extends Production Halt After Cybersecurity Breach
Tata Motors-owned luxury carmaker Jaguar Land Rover (JLR) has announced an extended production pause until Wednesday, 1 October 2025, due to the ongoing impact of a cybersecurity attack that disrupted operations earlier this month. “Today we have informed colleagues,…
New York Blood Center Data Breach Exposes Nearly 200,000 Records
The New York Blood Center Enterprises (NYBCe) has reported a major cybersecurity incident that compromised the personal information of nearly 194,000 people. The breach occurred between January 20 and January 26, 2025, when an unauthorized party gained access to…
Critical Vulnerability in Salesforce AgentForce Exposed
Critical flaw ForcedLeak in Salesforce’s AgentForce allows CRM data theft via prompt injection. This article has been indexed from www.infosecurity-magazine.com.
Cyber insurance could greatly reduce losses from diversification, mitigation measures
A report by CyberCube shows the global market is heavily concentrated in the U.S. and would benefit from expanding into new segments and improving cyber hygiene. This article has been indexed from Cybersecurity Dive – Latest News Read the original…
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data
Cybersecurity firm Noma Security reveals ForcedLeak, a critical flaw in Salesforce Agentforce that allowed data theft. Learn what companies need to do now to secure AI agents. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech,…
BQTLOCK Ransomware Attacking Windows Users Via Telegram to Encrypt Files and Delete Backup
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since mid-July, affiliates of the service have been distributing a ZIP archive containing a malicious executable…
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. The post XCSSET evolves again: Analyzing the latest updates to XCSSET’s…
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt…
Malicious AI Agent Server Reportedly Steals Emails
The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild”. This article has been indexed from www.infosecurity-magazine.com.
Critical infrastructure operators putting more insecure industrial equipment on the internet
The problem isn’t limited to legacy technology. New devices are coming online with critical vulnerabilities. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Critical infrastructure operators putting more insecure industrial equipment on the…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data
Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with the Ministry of State Security (MSS) and active since at least 2019, Salt Typhoon has…
Choosing the Right C3PAO for Your CMMC Level 2 Certification
If you’re aiming for CMMC Level 2 certification, choosing the right C3PAO (Certified Third-Party Assessment Organization) is one of the most important decisions you’ll make. Here’s what you need to… The post Choosing the Right C3PAO for Your CMMC Level…
PyPI Warns Users of Fresh Phishing Campaign
Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites. The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Chatbots and Children in the Digital Age
The rapid evolution of the digital landscape, especially in the area of social networking, is likely to have an effect on the trend of children and teens seeking companionship through artificial intelligence. This raises some urgent questions about the safety…
Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors
Vietnamese phishing campaign evolves from Python infostealer to PureRAT trojan. This article has been indexed from www.infosecurity-magazine.com.