Cybersecurity
-
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices
Source: Dark ReadingRead more: Chinese APT Drops ‘Brickstorm’ Backdoors on Edge DevicesThe China-linked cyber-espionage group UNC5221 is now targeting network appliances that cannot run traditional Endpoint Detection and Response (EDR) agents.…
-
Cisco warns of ASA firewall zero-days exploited in attacks
Source: BleepingComputerRead more: Cisco warns of ASA firewall zero-days exploited in attacksCisco has issued a warning about two zero-day vulnerabilities in its firewall software that are being actively exploited. Customers are…
-
Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules
Source: CyberScoopRead more: Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rulesA Senate report reveals that DOGE is circumventing cybersecurity measures at three federal agencies. The findings raise significant concerns about…
-
Amazon pays $2.5 billion to settle Prime memberships lawsuit
Source: BleepingComputerRead more: Amazon pays $2.5 billion to settle Prime memberships lawsuitAmazon has agreed to a $2.5 billion settlement over allegations of using dark patterns to enroll users in its Prime…
-
Salesforce AI Hack Enabled CRM Data Theft
Source: SecurityWeekRead more: Salesforce AI Hack Enabled CRM Data TheftA recent attack known as ForcedLeak exploited prompt injection and an expired domain to steal data from Salesforce. This incident…
-
Malicious Rust packages on Crates.io steal crypto wallet keys
Source: BleepingComputerRead more: Malicious Rust packages on Crates.io steal crypto wallet keysTwo malicious packages found on Rust’s official crate repository have garnered nearly 8,500 downloads. These packages have the capability to…
-
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Source: The Hacker NewsRead more: Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt InjectionA significant vulnerability in Salesforce Agentforce could enable attackers to exfiltrate sensitive CRM data. This flaw, known as ForcedLeak, has…
-
Cisco uncovers new SNMP vulnerability used in attacks on IOS devices
Source: CyberScoopRead more: Cisco uncovers new SNMP vulnerability used in attacks on IOS devicesCisco Systems has released security updates to tackle a critical vulnerability in its IOS and IOS XE systems, which is…
-
PyPI Warns Users of Fresh Phishing Campaign
Source: SecurityWeekRead more: PyPI Warns Users of Fresh Phishing CampaignThreat actors are impersonating PyPI to deceive users into verifying their emails. This scam directs users to malicious websites designed…
-
Contain or be contained: The security imperative of controlling autonomous AI
Source: CyberScoopRead more: Contain or be contained: The security imperative of controlling autonomous AIThe CEO of Owl Cyber Defense highlights the importance of minimizing direct human interaction in secure AI systems. This perspective…