Cybersecurity Today: The Good News Edition In this episode, host Jim Love addresses a previous mistake regarding the location of Yellowknife and announces a special ‘good news’ edition. Key stories include Microsoft’s dismantling of a global phishing-as-a-service operation Raccoon 0365,…
SolarWinds Issues Advisory Following Salesloft Drift Security Breach
SolarWinds Corporation has released an official security advisory in response to a significant data breach involving Salesforce systems. This resulted in unauthorized access to sensitive customer information through compromised OAuth tokens linked to the Salesloft Drift integration. Understanding the Breach…
0-Click ChatGPT Agent Flaw Exposes Gmail Data to Attackers
Researchers have discovered a critical zero-click vulnerability in ChatGPT’s Deep Research agent that allows attackers to silently steal sensitive Gmail data without any user interaction. This sophisticated attack leverages service-side exfiltration techniques, making it invisible to traditional security defenses and representing a significant escalation…
Shifting supply chains and rules test CPS security strategies
Cyber-physical systems are getting harder to protect as the business landscape keeps shifting. Economic pressures, supply chain changes, and new regulations are creating more openings for attackers while complicating how organizations manage security. A new report from Claroty, based on…
SolarWinds Releases Advisory on Salesloft Drift Security Incident
SolarWinds has released an advisory regarding a security incident involving the Salesloft Drift integration for Salesforce, which led to unauthorized data access. The company confirmed that its own systems were not impacted by the breach, but is treating the matter…
News alert: Palo Alto flags threats that evade Secure Web Gateways — echoing SquareX research
Palo Alto, Calif., Sept. 18, 2025, CyberNewswire: SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions and smuggle…
The unseen side of malware and how to find it
Security teams rely on threat reports to understand what’s out there and to keep their organizations safe. But a new report shows that these reports might only reveal part of the story. Hidden malware variants are quietly slipping past defenses,…
The real-world effects of EU’s DORA regulation on global businesses
In this Help Net Security video, Matt Cooper, Director of Governance, Risk, and Compliance at Vanta, discusses the EU’s Digital Operational Resilience Act (DORA) and its effects six months after it went into effect. DORA is the first EU-wide framework…
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization’s network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM). “Each set contains…
New infosec products of the week: September 19, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Absolute Security, Catchpoint, Nagomi Security, Neon Cyber, and QuSecure. Absolute Security Rehydrate restores compromised endpoints Rehydrate delivers business continuity endpoint restoration through a fully remote,…
ISC Stormcast For Friday, September 19th, 2025 https://isc.sans.edu/podcastdetail/9620, (Fri, Sep 19th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 19th, 2025…
ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT
Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail…
These Are the 15 New York Officials ICE and NYPD Arrested in Manhattan
More than a dozen elected officials were arrested in or around 26 Federal Plaza in New York City, where ICE detains people in what courts have ruled are unsanitary conditions. This article has been indexed from Security Latest Read the…
Authorizing access to data with RAG implementations
Organizations are increasingly using large language models (LLMs) to provide new types of customer interactions through generative AI-powered chatbots, virtual assistants, and intelligent search capabilities. To enhance these interactions, organizations are using Retrieval-Augmented Generation (RAG) to incorporate proprietary data, industry-specific…
How Enterprise SEO Solutions Improve Brand Authority
Now, especially in a very competitive environment, it is essential to make your name shine. Enterprise SEO solutions… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: How Enterprise…
The Messy Middle: Where SOC Automation Breaks (and How Morpheus AI Fixes It)
SOC automation breaks in the messy middle of triage and investigation. Learn how Morpheus AI fixes it with transparent, adaptive playbooks. The post The Messy Middle: Where SOC Automation Breaks (and How Morpheus AI Fixes It) appeared first on D3…
“Shai-Hulud” Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 18)
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 18) appeared first on…
Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France
The Russian covert influence network CopyCop has significantly expanded its disinformation campaign, establishing over 200 new fictional media websites since March 2025. This expansion represents a marked escalation in Russian information warfare efforts, targeting democratic nations with sophisticated artificial intelligence-driven…
GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware
The cyberthreat landscape has witnessed the emergence of another sophisticated ransomware operation as GOLD SALEM, a new threat actor group also known as Warlock Group, has been actively compromising enterprise networks since March 2025. This emerging ransomware collective has successfully…
Entra ID Bug Could Have Exposed Every Microsoft Tenant
A flaw in Entra ID let attackers seize Microsoft tenants; learn how the patch and best practices protect cloud identity. The post Entra ID Bug Could Have Exposed Every Microsoft Tenant appeared first on eSecurity Planet. This article has been…
Contributors to the OpenSSL Library (August 2025)
Among the 91 PRs approved in August, 6 were from people who hadn’t contributed to OpenSSL’s code base until now. author date PR zl523856 2025-08-03 [RISC-V] Further optimization for AES-128-CBC decryption performance ChillerDragon 2025-08-04 Improve english in endian comment ritoban23…
How to Radically Cut Response Time for Each Security Incident
When an incident happens, there’s no time to waste. SOC teams must react fast to protect their organization, and this requires more than expertise. Strong solutions tailored to the needs of businesses can make all the difference. The secret to…
DEF CON 33: AIxCC With ShellPhish
Creators, Authors and Presenters: Silk Interviews Members ShellPhish Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference’s events located at the Las Vegas Convention Center; and via…
Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from…