Fortra GoAnywhere Vulnerability Exploited as 0-day Before Patch Released
A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as a zero-day at least a week…
Month: September 2025
Apache Airflow Vulnerability Lets Read-Only Users Access Sensitive Data
Apache Airflow maintainers have disclosed a serious security issue, tracked as CVE-2025-54831, that allows users holding only read permissions to view sensitive connection details via…
The 7 Cybersecurity Trends Of 2026 That Everyone Must Be Ready For
26 Sep The 7 Cybersecurity Trends Of 2026 That Everyone Must Be Ready For Posted at 08:45h in Blogs by Taylor Fox This week in…
Neon App pays users to record their phone calls, sells data for AI training
TechCrunch reports about a “bizarre app” inviting you to record and share your audio calls so that it can sell the data to AI companies. And…
Why BAS Is Proof of Defense, Not Assumptions
Sep 26, 2025The Hacker NewsSecurity Validation / Enterprise Security Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.…
Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza
Microsoft said Thursday it had disabled services to a unit within the Israeli military after a company review had determined its artificial intelligence and cloud…
First-Ever Malicious MCP Server Found in the Wild Steals Emails via AI Agents
The first-ever malicious Model-Context-Prompt (MCP) server discovered in the wild, a trojanized npm package named postmark-mcp that has been secretly exfiltrating sensitive data from users’…
Why BAS Is Proof of Defense, Not Assumptions
Sep 26, 2025The Hacker NewsSecurity Validation / Enterprise Security Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.…
North Korea’s Fake Recruiters Feed Stolen Data to IT Workers
The North Korean threat actor behind the DeceptiveDevelopment campaign is supplying stolen developer information to the country’s horde of fraudulent IT workers, ESET reports. Initially…
UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware
UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware Pierluigi Paganini September 26, 2025 UK NCSC warns that…
Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise
Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral…
Malware Gangs Enlist Covert North Korean IT Workers in Corporate Attacks
Malware operators aligned with North Korea have forged a sophisticated partnership with covert IT workers to target corporate organizations worldwide. This collaboration, detailed in a…