When Airports Go Dark: What The Weekend’s Cyber-attacks Tell Us About Business Risk
Varun Uppal, founder and CEO of Shinobi Security Over the weekend, airports across Europe were thrown into chaos after a cyber-attack on one of their…
Author: Cybernoz
Cisco IOS/XE Vulnerability Allows Unauthorized Access to Confidential Data
Cisco released an advisory describing a high-severity vulnerability (CVE-2025-20160) in its IOS and IOS XE platforms. The flaw stems from improper validation of the TACACS+…
Salesforce AI Hack Enabled CRM Data Theft
Prompt injection and an expired domain could have been used to target Salesforce’s Agentforce platform for data theft. The attack method, dubbed ForcedLeak, was discovered…
Cyber insurance could greatly reduce losses from diversification, mitigation measures
The cyber insurance market could reduce exposure to catastrophic risk by diversifying portfolios by geography and industry and employing mitigation strategies to reduce the impact…
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust’s official crate repository scanned developers’ systems to steal cryptocurrency private keys and other secrets. Rust crates…
Chinese State-Sponsored Hackers Targeting Telecommunications Infrastructure to Steal Sensitive Data
Chinese state-sponsored cyber threat group Salt Typhoon has intensified long-term espionage operations against global telecommunications infrastructure, according to recent legal and intelligence reporting. Aligned with…
New SVG-based phishing campaign is a recipe for disaster
We’ve written in the past about cybercriminals using SVG files for phishing and for clickjack campaigns. We found a new, rather sophisticated example of an…
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Sep 25, 2025Ravie LakshmananVulnerability / AI Security Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents,…
Critical infrastructure operators putting more insecure industrial equipment on the internet
Listen to the article 3 min This audio is auto-generated. Please let us know if you have feedback. Dive Brief: Nearly 200,000 industrial control systems…
Cisco uncovers new SNMP vulnerability used in attacks on IOS devices
Cisco Systems has issued security updates to address a critical vulnerability in its widely deployed IOS and IOS XE network operating systems, after confirming the…
Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data
A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass…
Choosing the Right C3PAO for Your CMMC Level 2 Certification
If you’re aiming for CMMC Level 2 certification, choosing the right C3PAO (Certified Third-Party Assessment Organization) is one of the most important decisions you’ll make.…