Monthly Archives: August 2025

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed...

30
Aug
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS...

30
Aug
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be...

29
Aug
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering...

29
Aug
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged...

29
Aug
Can Your Security Stack See ChatGPT? Why Network Visibility Matters

Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While...

29
Aug
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page

Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security...

29
Aug
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX...

29
Aug
Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain

Authorities from the Netherlands and the United States have announced the dismantling of an illicit...

29
Aug
Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations

Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift...

29
Aug
TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to...

29
Aug
Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat...

28
Aug
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks...

28
Aug
Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices
August 28, 2025

The NIST National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST...

Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec

Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in...

28
Aug
Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them

Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate...

28
Aug
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

The maintainers of the nx build system have alerted users to a supply chain attack...

28
Aug
U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh...

28
Aug
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks

The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to...

27
Aug
Someone Created First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model

Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed...

27
Aug
NIST NCCoE Secure Software Development (DevSecOps) Virtual Event
August 27, 2025

Overview Join the NIST National Cybersecurity Center of Excellence (NCCoE) on August 27, 2025 for...

Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence...

27
Aug
ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of...

27
Aug
Second Seminar on Building an In-Space Circular Economy
August 27, 2025

About the Event Key topics will include commercialization, investment and financing, and insurance for on-orbit...

NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases
August 27, 2025

The catalog revision is part of NIST’s response to a recent Executive Order on strengthening...

The 5 Golden Rules of Safe AI Adoption

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and...

27
Aug
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to...

27
Aug
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known...

27
Aug
Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway,...

26
Aug
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

A team of academics has devised a novel attack that can be used to downgrade...

26
Aug