Security Issues, Vulnerabilities, Exploits & Government Alerts
Aug 29, 2025Ravie LakshmananData Breach / Salesforce Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations.…
Aug 29, 2025Ravie LakshmananMalware / Windows Security Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. “The objective is…
Aug 28, 2025Ravie LakshmananMalware / Ransomware Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs…
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors. “While these actors…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series CPU module Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: GE Vernova Equipment: CIMPLICITY Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Saitel DR RTU, Saitel DP RTU Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could…
Aug 28, 2025The Hacker NewsCloud Security / Generative AI Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem…
Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average…
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities. “Malicious…