🛡 Cybersecurity & Privacy 🛡 - News
25.1K subscribers
88.4K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🖋️ Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments 🖋️

Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports. The list of vulnerabilities, which are yet to be.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ Backups Are Under Attack: How to Protect Your Backups 🖋️

Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today's ransomware attacks initially target your last line of defense: your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks 🖋️

Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware," Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
📔 Taiwan Hit by Sophisticated Phishing Campaign 📔

A phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Chained Flaws in Enterprise CMS Provider Sitecore Could Allow Remote Code Execution 📔

WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L'Oréal.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Microsoft Promises to Keep European Cloud Data in Europe 📔

Microsoft's Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
🖋️ Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms 🖋️

The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG). "Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity," John Hultquist, chief analyst.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet 🕵️‍♂️

A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ WestJet Airlines App, Website Suffer After Cyber Incident 🕵️‍♂️

Though its operations are running smoothly, the airline warned customers and employees to exercise caution when sharing personal information online.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
📢 23andMe 'failed to take basic steps' to safeguard customer data 📢

The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.

📖 Read more.

🔗 Via "ITPro"

----------
👁️ Seen on @cibsecurity
📔 UK ICO Fines 23andMe £2.3m for Data Protection Failings 📔

23andMe has been fined over £2m by the UK ICO for failing to adequately protect genetic data.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
🖋️ Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware 🖋️

Cybersecurity researchers are warning of a new phishing campaign that's targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan's National Taxation Bureau, Fortinet FortiGuard Labs said in a report.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Operation Endgame: Do Takedowns and Arrests Matter? 🕵️‍♂️

Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Private 5G: New Possibilities — and Potential Pitfalls 🕵️‍♂️

While ushering in "great operational value" for organizations, private 5G networks add yet another layer to CISOs' responsibilities.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
📔 Hacklink Marketplace Fuels Surge in Covert SEO Poisoning Attacks 📔

New SEO poisoning attacks identified, using Hacklink to hijack search rankings and inject malicious links into sites.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
🖋️ LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents 🖋️

Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform that allows users to.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ 'HoldingHands' Acts Like a Pickpocket With Taiwan Orgs 🕵️‍♂️

Since at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🖋️ Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor 🖋️

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3). Google addressed the flaw later that month after Kaspersky reported in-the-wild.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Indian Car-Sharing Firm Zoomcar Latest to Suffer Breach 🕵️‍♂️

The company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🖋️ Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication 🖋️

Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," the.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity