Microsoft has introduced a practical new feature in Windows 11 designed specifically for public-facing monitors and signage. This new mode ensures that the dreaded Blue Screen of Death (BSOD) and other disruptive error dialogs are hidden from view on non-interactive…
Salesforce Instances Hacked via Gainsight Integrations
The infamous ShinyHunters hackers have targeted customer-managed Gainsight-published applications to steal data from Salesforce instances. The post Salesforce Instances Hacked via Gainsight Integrations appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Salesforce Instances…
ZTE Launches ZXCSec MAF security solution for large model
A multi-layered security framework protecting large-model applications from adversarial threats, data leakage, API abuse, and content risks Partner Content At MWC Shanghai 2025, ZTE has officially launched its ZXCSec MAF product, a dedicated application-layer security protection device specifically designed for…
Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware
Security researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated cyberattack campaign targeting Microsoft Windows Server Update Services (WSUS) infrastructure. The attackers are exploiting a critical remote code execution vulnerability tracked as CVE-2025-59287 to deploy ShadowPad, a notorious backdoor…
Clop Ransomware Claims Oracle Breach Using E-Business Suite 0-Day
The notorious Clop ransomware gang, also known as Graceful Spider, has listed Oracle Corporation on its dark web leak site, claiming to have successfully breached the technology giant’s internal systems. This alarming development represents a significant escalation in the group’s…
Salesforce Confirms Customer Data Was Exposed in Gainsight Breach
Salesforce has identified unusual activity involving applications published by Gainsight that are connected to the Salesforce platform. The company’s investigation revealed that this suspicious activity resulted in unauthorized access to specific customer data stored in Salesforce environments. Upon discovery, Salesforce…
Operation DreamJob Attacks on Manufacturing via WhatsApp Web
Operation DreamJob, a longstanding North Korean cyberespionage campaign, has once again demonstrated its lethal effectiveness by targeting manufacturing organizations through deceptive job-related messages delivered via WhatsApp Web. In August 2025, Orange Cyberdefense’s CyberSOC and CSIRT investigated an intrusion targeting an…
Critical Grafana Flaw Lets Attackers Escalate Privileges
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0 (Critical), affects Grafana…
New Onapsis platform updates enhance visibility and protection across SAP landscapes
Onapsis introduced a series of new updates to its Onapsis Control product line, advancing security capabilities across SAP and cloud ERP application development environments. These enhancements include integration with SAP Continuous Integration and Delivery (CI/CD), expanded Git repository support to…
SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a…
Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
Sturnus Android Trojan captures encrypted chats and hijacks devices Canadian regulators say schools share blame for PowerSchool hack Bill reintroduced to bolster cybersecurity at Securities and Exchange Commission Huge thanks to our episode sponsor, KnowBe4 Your email gateway isn’t catching…
IT Security News Hourly Summary 2025-11-21 09h : 7 posts
7 posts were published in the last hour 8:4 : Apple Launches £220 ‘Sock’ Carrying Case For iPhone 7:34 : Salesforce Confirms that Customers’ Data Was Accessed Following the Gainsight Breach 7:34 : Authorities Sanctioned Russia-based Bulletproof Hosting Provider for…
Apple Launches £220 ‘Sock’ Carrying Case For iPhone
Apple sells sock-like carrying case for iPhone designed with fashion brand Issey Miyake, which has previous link to Steve Jobs This article has been indexed from Silicon UK Read the original article: Apple Launches £220 ‘Sock’ Carrying Case For iPhone
Salesforce Confirms that Customers’ Data Was Accessed Following the Gainsight Breach
Salesforce has issued a critical security alert identifying “unusual activity” involving Gainsight-published applications connected to customer environments. The CRM giant’s investigation indicates that this activity may have enabled unauthorized access to Salesforce data through the applications’ external connections. In an…
Authorities Sanctioned Russia-based Bulletproof Hosting Provider for Supporting Ransomware Operations
The U.S. Department of the Treasury, Australia, and the United Kingdom have announced coordinated sanctions against Media Land. This Russia-based bulletproof hosting company provides infrastructure to ransomware and other cybercriminals. The U.S. Federal Bureau of Investigation also coordinated the action…
OpenAI Releases GPT-5.1-Codex-Max that Performs Coding Tasks Independently
OpenAI has launched GPT-5.1-Codex-Max, a specialized coding model designed to handle complex development tasks autonomously. The new system represents a significant leap in agentic AI capabilities, enabling machines to work on coding projects with minimal human intervention. GPT-5.1-Codex-Max operates differently from…
SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks. The vulnerability was internally discovered and reported by SonicWall’s security team. The flaw, tracked as CVE-2025-40601,…
Heisenberg Dependency Health Check – GitHub Action for Supply Chain Risk
Heisenberg Dependency Health Check is a GitHub Action that flags risky or newly introduced dependencies in pull requests using supply-chain signals. This article has been indexed from Darknet – Hacking Tools, Hacker News & Cyber Security Read the original article:…
Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice
Overview Recently, NSFOCUS CERT detected that Fortinet issued a security bulletin to fix the FortiWeb authentication bypass and command injection vulnerability (CVE-2025-64446/CVE-2025-58034); Combined exploitation can realize unauthorized remote code execution. At present, the vulnerability details and PoC have been made…
Research shows identity document checks are missing key signals
Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how attackers are pushing past old defenses and how detection models are struggling to keep…
How one quick AI check can leak your company’s secrets
In this Help Net Security video, Dinesh Nagarajan, Global Partner, Cyber Security Services at IBM Consulting, walks through a situation in which an employee shared production source code with a public AI tool. The tool learned from the code, including…
What insurers really look at in your identity controls
Insurers judge organizations by the strength of their identity controls and by how consistently those controls are applied, according to a new Delinea report. CISOs are entering a market that rewards maturity and penalizes gaps that once passed without scrutiny.…
Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity
Salesforce has warned of detected “unusual activity” related to Gainsight-published applications connected to the platform. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” the company said in an advisory.…
Major CloudFlare Outages, Black Friday Phishing Surge, AI Privacy Breach at Ontario Hospital, and Salesforce Data Theft Investigation
In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. CloudFlare faced significant outages affecting major platforms like Amazon and YouTube, along with continued issues for Microsoft 365 users. NordVPN warned of a surge in fake…