ποΈ Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE202554236 aka SessionReaper, carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below CVE202542944 CVSS score 10.0 A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Preventing business disruption and building cyber-resilience with MDR π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a preventionfirst cybersecurity strategy.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Preventing business disruption and building cyber-resilience with MDR
Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy.
π Wyden Urges FTC Investigation Over Ascension Ransomware Hack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Senator Ron Wyden of Oregon has urged the FTC to investigate Microsoft for cybersecurity lapses linked to ransomware attacks on US critical infrastructure.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Wyden Urges FTC Investigation Over Ascension Ransomware Hack
Senator Ron Wyden of Oregon has urged the FTC to investigate Microsoft for cybersecurity lapses linked to ransomware attacks on US critical infrastructure
π Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Bitdefender said the sophisticated multistage operation allowed attackers to maintain persistent access and steal sensitive data from a Philippines military company.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset
Bitdefender said the sophisticated multi-stage operation allowed attackers to maintain persistent access and steal sensitive data from a Philippines military company
π France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Compromised data includes personal data such as patients full names, ages, phone numbers and email addresses.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks
Compromised data includes personal data such as patientsβ full names, ages, phone numbers and email addresses
π Ukrainian Ransomware Fugitive Added to Europeβs Most Wanted π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
US offers 11m as LockerGoga ransomware suspect becomes one of Europes most wanted men.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ukrainian Ransomware Fugitive Added to Europeβs Most Wanted
US offers $11m as LockerGoga ransomware suspect becomes one of Europeβs most wanted men
π LNER Reveals Supply Chain Attack Compromised Customer Information π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Governmentrun train operator LNER has revealed details of a supplier data breach.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
LNER Reveals Supply Chain Attack Compromised Customer Information
Government-run train operator LNER has revealed details of a supplier data breach
π KillSec Ransomware Hits Brazilian Healthcare IT Vendor π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A ransomware attack by KillSec on Brazil software provider MedicSolution threatens healthcare, impacting providers and patients.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
KillSec Ransomware Hits Brazilian Healthcare IT Vendor
A ransomware attack by KillSec on Brazil software provider MedicSolution threatens healthcare, impacting providers and patients
π Cursor Autorun Flaw Lets Repositories Execute Code Without Consent π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A flaw in the Cursor extension allows unauthorized code execution when opening repositories in Visual Studio.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cursor Autorun Flaw Lets Repositories Execute Code Without Consent
A flaw in the Cursor extension allows unauthorized code execution when opening repositories in Visual Studio
π Adobe Releases Emergency Patch for Critical Flaw in Commerce and Magento π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The vulnerability, dubbed SessionReaper, allows customer account takeover and unauthenticated remote code execution.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Adobe Releases Emergency Patch for Critical Flaw in Commerce and Magento
The vulnerability, dubbed SessionReaper, allows customer account takeover and unauthenticated remote code execution
π Ransomware Payments Plummet in Education Amid Enhanced Resiliency π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Sophos found that average ransom demands and payments fell substantially in the education sector in 2025, as recovery time and costs fell.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ransomware Payments Plummet in Education Amid Enhanced Resiliency
Sophos found that average ransom demands and payments fell substantially in the education sector in 2025, as recovery time and costs fell
π Two Zero-Days Among Patch Tuesday CVEs This Month π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft has fixed over 80 vulnerabilities including two publicly disclosed zerodays in its latest Patch Tuesday release.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Two Zero-Days Among Patch Tuesday CVEs This Month
Microsoft has fixed over 80 vulnerabilities including two publicly disclosed zero-days in its latest Patch Tuesday release
π Malicious npm Code Reached 10% of Cloud Environments π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Wiz Security warns that a recently discovered supply chain attack campaign targeting npm is far from over.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Malicious npm Code Reached 10% of Cloud Environments
Wiz Security warns that a recently discovered supply chain attack campaign targeting npm is far from over
π Project Manager π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
The post Project Manager appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Project Manager - UnderDefense
π Beyond Torq: A Guide to 2025 AI SOC Alternatives π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Torq is a solid platform. An AI SOC that takes the edge off Tier1 fatigue with its lowcode workflows and the Torq Socrates AI agent automation. But if youre asking, Is there a better way? wed say yes you have options. Heres the real guide to nine credible Torq alternatives, explained with realworld context, judgment, The post Beyond Torq A Guide to 2025 AI SOC Alternatives appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Top 9 Torq Alternatives & AI SOC Competitors in 2025
Explore Torq alternatives in 2025. Compare 9 leading AI SOC vendors on strengths, blind spots, and pricing.
π 6 Blumira Alternatives: 2025βs Dive into AI SOCs π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Blumira SIEMXDR sits in that good enough ground for IT managers without a fullblown SOC team. But if youve outgrown simple setups or are finally budgeting for real breach prevention, youve got options. Here well unpack 6 Blumira alternatives what they get right, where they fall short, and when youll need more than just automation. The post 6 Blumira Alternatives 2025s Dive into AI SOCs appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Top 6 Blumira Alternatives & AI SOC Competitors in 2025
Compare Blumira with 6 leading AI SOC platforms in 2025. Explore strengths, blind spots, costs, and why human-led MDR still beats autonomous SOCs.
π The SLA in Cybersecurity: Defining Your SOCβs Accountability π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
247 monitoring and glossy dashboards give you visibility, but they arent a substitute for a legally enforceable Service Level Agreement SLA. A wellwritten SLA in cybersecurity does three things it clarifies whos responsible for what, so theres no fingerpointing during an incident it converts vendor capabilities into testable, auditable commitments and it gives your procurement The post The SLA in Cybersecurity Defining Your SOCs Accountability appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
SOC Vendor SLA: What to Insist On Before You Outsource Security
Learn exactly what to demand from a SOC vendor SLAβmeasurable KPIs, response targets, penalties, and reporting.
π Risks of AI Integration: Real-world Exploits and Mitigation Steps π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
AI integration into enterprise products and services boosts content generation, data analysis, process automation, and customer interaction. However, it also introduces new risks that dont follow the old rules of web or APIbased security. As more users interact with LLMenhanced systems, the risk of misuse and data leaks grows. The cybersecurity community has already uncovered The post Risks of AI Integration Realworld Exploits and Mitigation Steps appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Real-world examples of AI integration security issues and practical recommendations.
Discover real AI integration cyber attack incidents involving LLMs. Learn how attackers exploit these systems and how to design AI-powered features securely.
π¦
Australian Cyber Authorities Warn of Active Exploitation of SonicWall SSL Vulnerability (CVE-2024-40766) π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
CVE202440766 " dataimagecaption"" datamediumfile"httpscyble.comwpcontentuploads202509CVE202440766300x150.webp" datalargefile"httpscyble.comwpcontentuploads202509CVE202440766.webp" title"Australian Cyber Authorities Warn of Active Exploitation of SonicWall SSL Vulnerability CVE202440766 1" The Australian Signals Directorates Australian Cyber Security Centre ASDs ACSC has issued an urgent warning following the active exploitation of a critical vulnerability affecting SonicWall SSL VPN appliances across Australia. The flaw, CVE202440766, is being leveraged by threat actors, including those deploying Akira ransomware, to gain unauthorized access to networks and, in some instances, cause firewall crashes. This vulnerability, first disclosed in August 2024 under advisory ID SNWLID2024001...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ACSC Warns Of SonicWall SSL VPN Exploit (CVE-2024-40766)
ASDβs ACSC confirms active exploitation of CVE-2024-40766 in SonicWall SSL VPNs. Urges urgent patching, MFA, and access controls for Aussie orgs.
π¦
Canadian Governmentβs IT Arm Flags Digital Risks, Cyber Threats, and Strategic Priorities π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
SSC " dataimagecaption"" datamediumfile"httpscyble.comwpcontentuploads202509SSC300x150.webp" datalargefile"httpscyble.comwpcontentuploads202509SSC.webp" title"Canadian Governments IT Arm Flags Digital Risks, Cyber Threats, and Strategic Priorities 2" Shared Services Canada SSC, the federal agency responsible for delivering digital services and IT infrastructure across the Government of Canada GC, has issued a comprehensive update on the state of cybersecurity and digital transformation within the federal public service. In a recent ministerial transition briefing, SSC detailed both pressing challenges and strategic advancements, with a focus on enhancing the resilience of GC systems against digital threats. The report, addressed to the newly appointed Minister of Government Transform...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity