Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust’s official crate repository scanned developers’ systems to steal cryptocurrency private keys and other secrets. Rust crates…
Author: Cybernoz
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data
Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with…
New SVG-based phishing campaign is a recipe for disaster
We’ve written in the past about cybercriminals using SVG files for phishing and for clickjack campaigns. We found a new, rather sophisticated example of an…
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Sep 25, 2025Ravie LakshmananVulnerability / AI Security Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents,…
Critical infrastructure operators putting more insecure industrial equipment on the internet
Listen to the article 3 min This audio is auto-generated. Please let us know if you have feedback. Dive Brief: Nearly 200,000 industrial control systems…
Cisco uncovers new SNMP vulnerability used in attacks on IOS devices
Cisco Systems has issued security updates to address a critical vulnerability in its widely deployed IOS and IOS XE network operating systems, after confirming the…
Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data
A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass…
Choosing the Right C3PAO for Your CMMC Level 2 Certification
If you’re aiming for CMMC Level 2 certification, choosing the right C3PAO (Certified Third-Party Assessment Organization) is one of the most important decisions you’ll make.…
BQTLOCK Ransomware Attacking Windows Users Via Telegram to Encrypt Files and Delete Backup
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since…
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data
A vulnerability dubbed ForcedLeak was recently discovered in Salesforce Agentforce, an AI-driven system designed to handle complex business tasks within CRM environments. Noma Security identified…
Microsoft spots LLM-obfuscated phishing attack
Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even…
Green energy microgrids hailed as cost-effective answer to UK’s datacentre energy supply woes
The government should consider expanding the availability of renewable microgrids as a cheaper and faster alternative to building nuclear small modular reactors (SMRs) to meet…