China linked Silk Typhoon targeted diplomats by hijacking web traffic
China linked Silk Typhoon targeted diplomats by hijacking web traffic Pierluigi Paganini August 27, 2025 The China-linked APT group Silk Typhoon targeted diplomats by hijacking…
Author: Cybernoz
The Area Under the Curve: How AI Expands Human Work Capacity
The overwhelming volume of work that needs to be done (click for full size) Every minute, millions of security events flow through corporate networks. Thousands…
Critical Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code
Google has released an emergency security update for Chrome to address a critical use-after-free vulnerability (CVE-2025-9478) in the ANGLE graphics library that could allow attackers…
Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data
Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as…
Hottest cybersecurity open-source tools of the month: August 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: Open-source AI-driven system detects and patches…
I Built a Claude Code Context Modal Inside of Neovim
Kai: AI-powered coding in Neovim (click for full size) I use LazyVim, btw. lol I’ve been using AI to help with coding for a while…
Salesloft Drift Hacked to Steal OAuth Tokens and Exfiltrate from Salesforce Corporate Instances
A sophisticated data exfiltration campaign targeting corporate Salesforce instances has exposed sensitive information from multiple organizations through compromised OAuth tokens associated with the Salesloft Drift…
Critical Chrome Use-After-Free Flaw Enables Arbitrary Code Execution
Google has released an urgent security update for the Chrome Stable channel to address a critical use-after-free vulnerability in the ANGLE graphics library that could allow attackers…
AI Security Map: Linking AI vulnerabilities to real-world impact
A single prompt injection in a customer-facing chatbot can leak sensitive data, damage trust, and draw regulatory scrutiny in hours. The technical breach is only…
Woolworths cuts Big W loose from shared technology stack
Woolworths Group is set to decouple Big W from its shared technology infrastructure, transitioning the department store to a “standalone, fit-for-purpose” platform. The move follows…
New Hook Android Banking Malware With New Advanced Capabilities and Supports 107 Remote Commands
A sophisticated new variant of the Hook Android banking trojan has emerged with unprecedented capabilities that position it among the most advanced mobile malware families…
Citrix NetScaler ADC and Gateway Hit by Ongoing Attacks Exploiting 0-Day RCE
Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. The vulnerabilities, tracked…