CRM giant denies security shortcomings as claims allege stolen data used for ID theft Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.… This article has been indexed from The Register –…
Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while continuing to target developers.… This…
In Other News: LockBit 5.0, Department of War Cybersecurity Framework, OnePlus Vulnerability
Other noteworthy stories that might have slipped under the radar: Co-op lost £206 million due to cyberattack, South Korean credit card company hacked, Maryland Transit Administration ransomware attack. The post In Other News: LockBit 5.0, Department of War Cybersecurity Framework,…
Chinese Cyberspies Hit US Defense Firms
A Chinese government-backed cyberespionage group, identified as RedNovember, has spent the past year compromising organizations across the globe The post Chinese Cyberspies Hit US Defense Firms first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original…
Indian Bank Transfer Records Exposed
Cybersecurity firm UpGuard discovered a publicly accessible Amazon cloud server in India that was leaking highly sensitive financial data. The post Indian Bank Transfer Records Exposed first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original…
Hidden WordPress Backdoors Create Admins
On a compromised WordPress website, two distinct malicious files were discovered, each crafted to create a hidden, persistent backdoor. The post Hidden WordPress Backdoors Create Admins first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original…
Google Warns of BRICKSTORM Malware
A group of hackers linked to the Chinese government has been caught infiltrating a wide range of US organizations, from technology The post Google Warns of BRICKSTORM Malware first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Fake PyPI Login Site Steals Credentials
The Python Software Foundation (PSF) has issued a warning to developers about a sophisticated phishing campaign aimed at users of the Python The post Fake PyPI Login Site Steals Credentials first appeared on CyberMaterial. This article has been indexed from…
Jaguar Land Rover begins phased restoration of services following cyberattack
The luxury automaker is working diligently to clear payment backlogs and resume the shipment of parts. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Jaguar Land Rover begins phased restoration of services following…
From Defense to Offense: Why Ambitious CISOs Are Becoming Founders
Once seen primarily as a technical gatekeeper, today’s chief information security officer (CISO) is a strategic leader responsible for safeguarding systems and ensuring the trust and continuity of the business…. The post From Defense to Offense: Why Ambitious CISOs Are…
Phishing Campaign Targets PyPI Maintainers with Fake Login Site
Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. The post Phishing Campaign Targets PyPI Maintainers with Fake Login Site appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Hackers exploit Fortra GoAnywhere flaw before public alert
watchTowr Labs says hackers exploited the Fortra GoAnywhere MFT flaw CVE-2025-10035 on Sept 10, 2025, a week before public disclosure. Cybersecurity firm watchTowr Labs revealed that it has ‘credible evidence’ that the critical Fortra GoAnywhere MFT flaw CVE-2025-10035 was actively…
GitLab High-Severity Vulnerabilities Let Attackers Crash Instances
GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances. These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints…
Postal Thief Arrested in Oregon
The case caught my eye with the headline in the Oregon Live trumpeting: “Mail theft suspect in Portland made daring 13th-floor balcony escape, later arrested” and saying that the suspect’s apartment contained ONE HUNDRED SEVENTY POSTAL KEYS! But Michael John…
‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug
Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra’s GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.… This article…
Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)
CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra urged…
LockBit’s new variant is ‘most dangerous yet,’ hitting Windows, Linux and VMware ESXi
Operation Cronos didn’t kill LockBit – it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is “significantly more dangerous” than past versions due to its newfound ability to…
Vietnamese Hackers Exploit Fake Copyright Notices to Spread ‘Lone None’ Stealer
Vietnamese hackers use fake copyright notices and Telegram-based malware to steal data and crypto in a growing phishing campaign. The post Vietnamese Hackers Exploit Fake Copyright Notices to Spread ‘Lone None’ Stealer appeared first on eSecurity Planet. This article has…
Interpol Says 260 Suspects in Online Romance Scams Have Been Arrested in Africa
The operation took place in July and August and focused on scams in which perpetrators build online romantic relationships to extract money from targets or blackmail them with explicit images, Interpol said. The post Interpol Says 260 Suspects in Online…
Vietnamese Hackers Exploit Fake Copyright Notices to Spread “Lone None” Stealer
Vietnamese hackers use fake copyright notices and Telegram-based malware to steal data and crypto in a growing phishing campaign. The post Vietnamese Hackers Exploit Fake Copyright Notices to Spread “Lone None” Stealer appeared first on eSecurity Planet. This article has…
Google and Flo to pay $56 million after misusing users’ health data
Flo Health and Google agreed to pay $56 million to settle lawsuits alleging the period-tracking app shared sensitive health data for ads. This article has been indexed from Malwarebytes Read the original article: Google and Flo to pay $56 million…
OpenAI Patches ChatGPT Gmail Flaw Exploited by Hackers in Deep Research Attacks
OpenAI has fixed a security vulnerability that could have allowed hackers to manipulate ChatGPT into leaking sensitive data from a victim’s Gmail inbox. The flaw, uncovered by cybersecurity company Radware and reported by Bloomberg, involved ChatGPT’s “deep research” feature.…
Malicious MCP Server Discovered Stealing Sensitive Emails Using AI Agents
Enterprises everywhere are embracing MCP servers—tools that grant AI assistants “god-mode” permissions to send emails, run database queries, and automate tedious tasks. But no one ever stopped to ask: Who built these tools? Today, the first real-world malicious MCP server—postmark-mcp—has…
How to Defend Against Credential Attacks with a Hybrid Mesh Architecture
Introduction Credential-based attacks have reached epidemic levels. The 2025 Verizon Data Breach Investigations Report (DBIR) underscores the trend: 22% of breaches now start with compromised credentials, while Check Point External Risk Management found that leaked credential volumes surged 160% year-over-year.…