New Variant of The XCSSET Malware Attacking macOS App Developers
The macOS threat landscape has witnessed a significant escalation with the discovery of a new variant of the XCSSET malware targeting app developers. First observed…
Month: September 2025
Cisco ASA 0-Day RCE Flaw Actively Exploited in the Wild
A critical zero-day vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software is being actively exploited…
Fake Ukraine Police Notices Spread New Amatera Stealer and PureMiner
Hackers are distributing malicious emails that imitate official notices from the National Police of Ukraine. This phishing campaign, identified by FortiGuard Labs, targets any organisation…
CISA Warns Of CVE-2025-20333 In Cisco ASA Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-03 in response to an ongoing and severe cybersecurity threat targeting vulnerabilities in…
Interpol Says 260 Suspects in Online Romance Scams Have Been Arrested in Africa
A crackdown on cybercrime coordinated by Interpol has led to the arrests across 14 African countries of 260 people suspected in online romance and extortion…
Maximum severity GoAnywhere MFT flaw exploited as zero day
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere MFT that allows injecting commands remotely without authentication. The vendor disclosed the flaw on…
GitLab High-Severity Vulnerabilities Let Attackers Crash Instances
GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances. These flaws impact Community Edition (CE) and…
Customer Authentication Challenges That Impact Your Organization’s Security Posture
Introduction In today’s cybersecurity landscape, CISOs face the challenge of securing data while managing costs effectively. As cyber threats become more sophisticated, traditional user authentication…
Malicious MCP Server Discovered Stealing Sensitive Emails Using AI Agents
Enterprises everywhere are embracing MCP servers—tools that grant AI assistants “god-mode” permissions to send emails, run database queries, and automate tedious tasks. But no one…
Google and Flo to pay $56 million after misusing users’ health data
Popular period-tracking app Flo Health shared users’ intimate health data—such as menstrual cycles and fertility information—with Google and Meta, allegedly for targeted advertising purposes, according…
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new…
ForcedLeak: Critical Salesforce AgentForce Vulnerability
A recently disclosed security research report has revealed a severe vulnerability chain in Salesforce AgentForce, dubbed ForcedLeak, which highlights a new class of AI-specific threats…