China Enforces 1-Hour Cybersecurity Incident Reporting
China is ramping up its cybersecurity enforcement with new regulations requiring network operators to report severe cybersecurity incidents within one hour. The rules, announced by…
Author: Cybernoz
Mustang Panda With SnakeDisk USB Worm and Toneshell Backdoor Seeking to Penetrate Air-Gap Systems
The cybersecurity landscape witnessed a significant escalation in July 2025 when the China-aligned threat actor Hive0154, commonly known as Mustang Panda, deployed sophisticated new malware…
Burger King Uses DMCA to Remove Blog Exposing Drive-Thru System Security Flaws
Burger King has invoked the Digital Millennium Copyright Act to force the removal of a security researcher’s blog post that disclosed serious vulnerabilities in its…
‘Utter madness’ as Post Office paid law firm double the cost of scandal public inquiry
Taxpayers paid one legal firm double the amount in fees to represent the Post Office in the Horizon scandal statutory public inquiry than they paid…
Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway
In April, Rhode Island resident Navah Hopkins received a plea for her help to defeat legislation thousands of miles away in California. The ask came…
New SEO Poisoning Attacking Windows Users With Weaponized Software Sites
In August 2025, security researchers uncovered a sophisticated SEO poisoning campaign targeting Chinese-speaking Windows users. By manipulating search result rankings with tailored SEO plugins and…
IBM QRadar SIEM Vulnerability Allows Unauthorized Actions by Attackers
A permissions issue in IBM QRadar SIEM could enable local privileged users to modify configuration files without proper authorization. Tracked as CVE-2025-0164, this flaw stems…
CVE-2025-58434: FlowiseAI Vulnerability Exposes Accounts
A severe security vulnerability has been discovered in FlowiseAI, an open-source AI workflow automation tool, exposing users to the risk of complete account compromise. Tracked…
FBI Shares IoCs for Recent Salesforce Intrusion Campaigns
The FBI has shared indicators of compromise (IoCs) associated with two malicious campaigns targeting Salesforce customers for data theft and extortion. The first campaign, attributed…
China’s internet watchdog mandates 1-hour reporting for serious cybersecurity incidents
China’s top internet regulator has rolled out new rules for the rapid reporting of cybersecurity breaches and major incidents involving critical information infrastructure. Network operators…
LangChainGo Vulnerability Let Attackers Access Sensitive Files
A high-severity vulnerability was identified in LangChainGo, the Go implementation of the popular LLM orchestration framework LangChain. Tracked as CVE-2025-9556, this flaw allows unauthenticated attackers…
LangChainGo Vulnerability Allows Malicious Prompt Injection to Access Sensitive Data
A recently discovered flaw in LangChainGo, the Go implementation of the LangChain framework for large language models, permits attackers to read arbitrary files on a…