CVE-2025-58434: FlowiseAI Vulnerability Exposes Accounts
A severe security vulnerability has been discovered in FlowiseAI, an open-source AI workflow automation tool, exposing users to the risk of complete account compromise. Tracked…
Month: September 2025
FBI Shares IoCs for Recent Salesforce Intrusion Campaigns
The FBI has shared indicators of compromise (IoCs) associated with two malicious campaigns targeting Salesforce customers for data theft and extortion. The first campaign, attributed…
China’s internet watchdog mandates 1-hour reporting for serious cybersecurity incidents
China’s top internet regulator has rolled out new rules for the rapid reporting of cybersecurity breaches and major incidents involving critical information infrastructure. Network operators…
LangChainGo Vulnerability Let Attackers Access Sensitive Files
A high-severity vulnerability was identified in LangChainGo, the Go implementation of the popular LLM orchestration framework LangChain. Tracked as CVE-2025-9556, this flaw allows unauthenticated attackers…
LangChainGo Vulnerability Allows Malicious Prompt Injection to Access Sensitive Data
A recently discovered flaw in LangChainGo, the Go implementation of the LangChain framework for large language models, permits attackers to read arbitrary files on a…
IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization. Tracked…
Hackers using generative AI “ChatGPT” to evade anti-virus defenses
The Kimsuky APT group has begun leveraging generative AI ChatGPT to craft deepfake South Korean military agency ID cards. Phishing lures deliver batch files and…
West Virginia Credit Union Notifying 187,000 People Impacted by 2023 Data Breach
Fairmont Federal Credit Union is notifying over 187,000 individuals that their personal and financial information was stolen in a two-year-old data breach. A not-for-profit financial…
Great Firewall of China’s Sensitive Data of Over 500GB+ Leaked Online
The Great Firewall of China (GFW) suffered its largest-ever internal data breach. More than 500 GB of sensitive material—including source code, work logs, configuration files,…
BlackNevas Ransomware Encrypts Files, Exfiltrates Corporate Data
Countries with most cyberattacks stopped highlighting global cyber defense efforts, including key regions in Asia-Pacific and North America. BlackNevas has released a comprehensive attack strategy…
DarkCloud Stealer Attacking Financial Companies With Weaponized RAR Attachments
DarkCloud Stealer has recently emerged as a potent threat targeting financial organizations through convincing phishing campaigns. Adversaries employ weaponized RAR attachments masquerading as legitimate documents…
FBI Releases IOCs on Cyber Threats Exploiting Salesforce for Data Theft
The Federal Bureau of Investigation (FBI) has released a detailed flash advisory disclosing indicators of compromise (IOCs) and tactics used by two cybercrime groups—UNC6040 and…