Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Aug 27, 2025Ravie LakshmananCloud Security / Threat Intelligence A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI)…

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims,…

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Aug 26, 2025Ravie LakshmananVulnerability / Remote Code Execution Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild.…

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

Aug 26, 2025Ravie LakshmananVulnerability / Mobile Security A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base…

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. “Instead of…

by CISA
August 26, 2025
Security News, Assessments & Alerts
9 min read

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type (‘Type Confusion’) 2. RISK EVALUATION Successful exploitation of…

Schneider Electric Modicon M340 Controller and Communication Modules

by CISA
August 26, 2025
Security News, Assessments & Alerts
3 min read

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could…

CISA Unveils Tool to Boost Procurement of Software Supply Chain Security

by CISA
August 26, 2025
Security News, Assessments & Alerts
2 min read

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Software Acquisition Guide: Supplier Response Web Tool, a no-cost, interactive resource designed to empower information technology (IT) and industry decision makers, procurement professionals and…

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and…

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

Aug 26, 2025Ravie Lakshmanan Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. “A prominent characteristic of the latest variant is…

« Previous
1
…
62
63
64
65
66
…
411
Next »