Palo Alto Networks User-ID Agent Flaw Leaks Passwords in Cleartext
A newly disclosed vulnerability in the Palo Alto Networks User-ID Credential Agent on Windows systems allows service account passwords to be exposed in cleartext under…
Month: September 2025
Massive NPM Supply Chain Attack Earned Attackers Only $600
A massive NPM supply chain attack that hit about 10% of all cloud environments yielded little for the hackers who engineered the compromise. That’s the…
F5 to acquire AI security firm CalypsoAI for $180 million
F5, a Seattle-based application delivery and security company, announced Thursday it will acquire Dublin-based CalypsoAI for $180 million in cash, highlighting the mounting security challenges…
The Buyer’s Guide to Browser Extension Management
While most enterprises lock down endpoints, harden networks, and scan for vulnerabilities, one of the riskiest vectors often slips through unmonitored: browser extensions. These small,…
Lessons From Salesforce/Salesloft Drift Data Breaches
The Salesloft Drift data breaches of August 2025 stand as one of the most significant supply chain attacks in SaaS history, demonstrating how a single…
Bulletproof Host Stark Industries Evades EU Sanctions – Krebs on Security
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before…
Cyber Attack Exposes LNER Train Passengers’ Personal Data
London North Eastern Railway (LNER) has confirmed that an unauthorized breach at one of its third-party suppliers exposed contact details and travel histories of some…
Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack
US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension Hospital, exposing 5.6 million…
Microsoft adds malicious link warnings to Teams private chats
Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. Microsoft will introduce these…
New VMScape Spectre-BTI Attack Exploits Isolation Gaps in AMD and Intel CPUs
A novel speculative execution attack named VMSCAPE allows a malicious virtual machine (VM) to breach its security boundaries and steal sensitive data, like cryptographic keys,…
Attackers Abuse Kubernetes DNS to Extract Git Credentials from ArgoCD
A newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches. This technique lets an attacker abuse…
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called “gross cybersecurity…