Cisco uncovers new SNMP vulnerability used in attacks on IOS devices
Cisco Systems has issued security updates to address a critical vulnerability in its widely deployed IOS and IOS XE network operating systems, after confirming the…
Month: September 2025
Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data
A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass…
Choosing the Right C3PAO for Your CMMC Level 2 Certification
If you’re aiming for CMMC Level 2 certification, choosing the right C3PAO (Certified Third-Party Assessment Organization) is one of the most important decisions you’ll make.…
BQTLOCK Ransomware Attacking Windows Users Via Telegram to Encrypt Files and Delete Backup
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since…
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data
A vulnerability dubbed ForcedLeak was recently discovered in Salesforce Agentforce, an AI-driven system designed to handle complex business tasks within CRM environments. Noma Security identified…
Microsoft spots LLM-obfuscated phishing attack
Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even…
Green energy microgrids hailed as cost-effective answer to UK’s datacentre energy supply woes
The government should consider expanding the availability of renewable microgrids as a cheaper and faster alternative to building nuclear small modular reactors (SMRs) to meet…
SolarWinds Hotfix Fixes Web Help Desk RCE CVE-2025-26399
SolarWinds has released a new hotfix aimed at resolving a critical remote code execution (RCE) vulnerability affecting its Web Help Desk (WHD) software. The flaw,…
PyPI Warns Users of Fresh Phishing Campaign
The Python Package Index (PyPI), the default platform for Python’s package management tools, is warning users of a fresh phishing campaign relying on domain confusion…
AI agents building security tests
The Detectify AI Agent Alfred fully automates the creation of security tests for new vulnerabilities, from research to a merge request. In its first six…
![[tl;dr sec] #298 - Good CISO / Bad CISO, AWS Infra Canarytokens, Protect Yourself from Compromised NPM Packages](https://image.cybernoz.com/wp-content/uploads/2025/09/tldr-sec-298-Good-CISO-Bad-CISO-AWS.png)
[tl;dr sec] #298 – Good CISO / Bad CISO, AWS Infra Canarytokens, Protect Yourself from Compromised NPM Packages
How to be an effective CISO, deploy decoy assets that fit in to your AWS environment, tips and tools to minimize the impact of NPM…
How secure are passkeys, really? Here’s what you need to know
We’ve known for a long time that passwords have their flaws. Whether it’s phishing, brute force, or dictionary attacks, password-based authentication remains one of the…