A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the…
Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is…
TransUnion admits 4.5M affected after third-party support app breached
Credit agency offers own services as compensation Credit scoring and monitoring biz TransUnion says that it recently suffered a breach affecting nearly 4.5 million individuals.… This article has been indexed from The Register – Security Read the original article: TransUnion…
China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years
China-linked APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveillance reach. The post China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years appeared first on SecurityWeek.…
Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your…
Netherlands Confirms China’s Salt Typhoon Targeted Small Dutch Telcos
Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers This article has been indexed from www.infosecurity-magazine.com Read the original article: Netherlands Confirms China’s Salt Typhoon Targeted Small Dutch Telcos
IT Security News Hourly Summary 2025-08-28 15h : 12 posts
12 posts were published in the last hour 12:45 : Google Big Sleep AI Tool Finds Critical Chrome Vulnerability 12:45 : U.S. Treasury Sanctions North Korean IT Worker Network Funding Weapons Programs 12:45 : How I cut my monthly cloud…
FreePBX Servers Hit by 0-Day Exploit, Disable Internet Access Advised
FreePBX administrators worldwide have been urged to immediately disable public internet access to their systems after a critical 0-day vulnerability was discovered in the commercial Endpoint Manager module. The Sangoma FreePBX Security Team confirmed that attacker-controlled exploit code can gain…
You Can’t Protect What You Can’t See
A business ecosystem is a borderless entity. Where organizations operate across vast, global networks, achieving a comprehensive view of their digital operations is a major challenge. Security leads, faced with… The post You Can’t Protect What You Can’t See appeared…
Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
Miljödata meltdown leaves 200 local authorities scrambling over 1.5 BTC Sweden’s municipal governments have been knocked offline after ransomware crooks hit IT supplier Miljödata, reportedly demanding the bargain-basement sum of $168,000.… This article has been indexed from The Register –…
Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33
Palo Alto, California, 28th August 2025, CyberNewsWire The post Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33 appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Breaking…
Orange Belgium Hit by Cyberattack Affecting 850,000 Customers
Orange Belgium, a major telecommunications provider and subsidiary of French telecom giant Orange Group, confirmed in August 2025 a significant cyberattack on its IT systems that resulted in unauthorized access to the personal data of approximately 850,000 customers. The…
Hackers Disclose Why They Targeted North Korean Government Hackers
In a stunning development in the history of cybersecurity, independent hackers managed to successfully break into the system of a North Korean government hacker, enabling them to expose the inner workings of one of the country’s most secretive cyber…
Malicious VS Code Extensions Exploit Name Reuse Loophole
Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious VS Code Extensions Exploit Name Reuse Loophole
Google Big Sleep AI Tool Finds Critical Chrome Vulnerability
Make sure your Chrome browser is updated to the latest version to stay protected. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Google Big Sleep AI Tool Finds…
U.S. Treasury Sanctions North Korean IT Worker Network Funding Weapons Programs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Russian national Vitaliy Sergeyevich Andreyev, DPRK official Kim Ung Sun, Chinese entity Shenyang Geumpungri Network Technology Co., Ltd. DPRK-based Korea Sinjin Trading Corporation for…
How I cut my monthly cloud storage bill in half – with 5 tough decisions
I was storing 60TB in the cloud, but endless support battles and rising costs forced me to rethink everything. These five changes helped me save over $1200 a year. This article has been indexed from Latest news Read the original…
TransUnion says hackers stole 4.4 million customers’ personal information
The credit reporting giant confirmed unauthorized access to a third-party application storing the personal information of its customers. This article has been indexed from Security News | TechCrunch Read the original article: TransUnion says hackers stole 4.4 million customers’ personal…
NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs
NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are…
Cloudflare Launches MCP Server Portals – A Unified Gateway to All MCP Servers
Cloudflare today launched MCP Server Portals in open beta, a groundbreaking capability designed to centralize, secure, and observe all Model Context Protocol (MCP) connections in an organization. By routing every MCP request through a single portal endpoint, Cloudflare One customers…
“No place in our networks”: FCC hangs up on thousands of voice operators in robocall war
Everyone hates robocalls. However, it’s difficult to track down all the scammers and spammers that make them, so the Federal Communications… This article has been indexed from Malwarebytes Read the original article: “No place in our networks”: FCC hangs up…
Euro banks block billions in rogue PayPal direct debits after fraud glitch
US payments platform back in action, says it’s informing affected customers Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal’s fraud-detection systems.… This article has…
CrowdStrike to Acquire Onum to Fuel Falcon Next-Gen SIEM With Real-Time Telemetry
CrowdStrike says the acquisition will bring valuable technology to enhance its Falcon Next-Gen SIEM. The post CrowdStrike to Acquire Onum to Fuel Falcon Next-Gen SIEM With Real-Time Telemetry appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations
Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation that has…