Chocolate Factory fixes issue, pays only $5K A researcher has exposed a flaw in Google’s authentication systems, opening it to a brute-force attack that left users’ mobile numbers up for grabs.… This article has been indexed from The Register –…
Tag: EN
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application…
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Security researchers uncover critical flaws and widespread misconfigurations in Salesforce’s industry-specific CRM solutions. The post Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Five…
Critical Vulnerability Patched in SAP NetWeaver
SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges. The post Critical Vulnerability Patched in SAP NetWeaver appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
FBI Alert: Play Ransomware Attacks 900 Organizations
In a recent joint cybersecurity advisory released with its Australian partners, the FBI announced that the Play ransomware group has attacked over 900 organizations since May 2025. “As of May 2025, FBI was aware of approximately 900 affected entities allegedly…
Getty Images Sues Stability AI for Using Its Photos to Train AI Models
Getty Images accuses Stability AI of illegally using its content to train AI models in a high-stakes London… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Getty Images…
Indian Authorities Bust Cybercriminals Posing as Microsoft Tech Support
India’s Central Bureau of Investigation (CBI), the nation’s federal law enforcement agency, launched a sweeping operation targeting cyber-enabled financial fraud networks. Raids at 19 locations across India dismantled a sophisticated tech support scam operation impersonating Microsoft, primarily victimizing older adults…
CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH server implementations that allows attackers to execute arbitrary commands without authentication. The vulnerability, designated as CVE-2025-32433, has been added to CISA…
Mirai botnets exploit Wazuh RCE, Akamai warned
Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai warned. Akamai researchers warn that multiple Mirai botnets exploit the critical remote code execution vulnerability CVE-2025-24016 (CVSS score of 9.9) affecting Wazuh servers. Wazuh is…
DanaBot Malware C2 server Vulnerability Exposes Threat Actor Usernames & Crypto Keys
A critical memory leak vulnerability in the DanaBot malware’s command and control infrastructure has exposed sensitive operational data belonging to cybercriminals, revealing threat actor identities, cryptographic keys, and victim information spanning nearly three years of malicious operations. The vulnerability, dubbed…
M&S online ordering system operational 46 days after cyber shutdown
A milestone in cyberattack recovery – but deliveries will take a while and normal service not yet back UK retailer Marks & Spencer has reinstated online orders for some customers, marking a major milestone in its recovery from a cyberattack…
Sensitive Information Stolen in Sensata Ransomware Attack
Sensor manufacturer Sensata said a ransomware group had access to its network for more than a week and stole personal information. The post Sensitive Information Stolen in Sensata Ransomware Attack appeared first on SecurityWeek. This article has been indexed from…
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
Google has stepped in to address a security flaw that could have made it possible to brute-force an account’s recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher “brutecat,” leverages an…
OpenAI Annual Revenues Double To $10bn
OpenAI says its annual recurring revenues reach $10bn, nearly double the $5.5bn it made last year, as AI race intensifies This article has been indexed from Silicon UK Read the original article: OpenAI Annual Revenues Double To $10bn
Malicious Actors Exploit SoraAI’s Popularity & GitHub to Distribute Malware
Threat actors are leveraging the growing popularity of OpenAI’s Sora, a cutting-edge video generation model, to distribute malicious software. Disguised as a legitimate shortcut file named “SoraAI.lnk,” this information-stealing malware mimics the branding of Sora to trick users into initiating…
Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)
Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned. What is Wazuh? Wazuh is a popular open-source security information and event management (SIEM) and extended detection and…
The Evolution of Linux Binaries in Targeted Cloud Operations
Using data from machine learning tools, we predict a surge in cloud attacks leveraging reworked Linux Executable and Linkage Format (ELF) files. The post The Evolution of Linux Binaries in Targeted Cloud Operations appeared first on Unit 42. This article…
SAP Security Patch Day: 14 Vulnerabilities Resolved Across Various Products
SAP’s June 10, 2025 Security Patch Day delivered critical security updates addressing 14 distinct vulnerabilities across the enterprise software portfolio. The security notes span severity levels from Critical (CVSS 9.6) to Low (CVSS 3.0), encompassing core platform components, business applications,…
Malware Deployment Campaigns: ‘Librarian Ghouls’ APT Group Targets Organizations
The Advanced Persistent Threat (APT) group known as “Librarian Ghouls,” also tracked as “Rare Werewolf” and “Rezet,” has been actively targeting organizations across Russia and the Commonwealth of Independent States (CIS) with highly sophisticated malware deployment campaigns. Active through May…
Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser
Majority of exposures located in the US, including datacenters, healthcare facilities, factories, and more Security researchers managed to access the live feeds of 40,000 internet-connected cameras worldwide and they may have only scratched the surface of what’s possible.… This article…