Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data
A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an...
Read more →Author: Cybernoz
Choosing the Right C3PAO for Your CMMC Level 2 Certification
If you’re aiming for CMMC Level 2 certification, choosing the right C3PAO (Certified Third-Party Assessment Organization) is one of the...
Read more →
BQTLOCK Ransomware Attacking Windows Users Via Telegram to Encrypt Files and Delete Backup
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels...
Read more →
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data
A vulnerability dubbed ForcedLeak was recently discovered in Salesforce Agentforce, an AI-driven system designed to handle complex business tasks within...
Read more →
Microsoft spots LLM-obfuscated phishing attack
Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake...
Read more →
Green energy microgrids hailed as cost-effective answer to UK’s datacentre energy supply woes
The government should consider expanding the availability of renewable microgrids as a cheaper and faster alternative to building nuclear small...
Read more →
SolarWinds Hotfix Fixes Web Help Desk RCE CVE-2025-26399
SolarWinds has released a new hotfix aimed at resolving a critical remote code execution (RCE) vulnerability affecting its Web Help...
Read more →
PyPI Warns Users of Fresh Phishing Campaign
The Python Package Index (PyPI), the default platform for Python’s package management tools, is warning users of a fresh phishing...
Read more →
AI agents building security tests
The Detectify AI Agent Alfred fully automates the creation of security tests for new vulnerabilities, from research to a merge...
Read more →![[tl;dr sec] #298 - Good CISO / Bad CISO, AWS Infra Canarytokens, Protect Yourself from Compromised NPM Packages](https://cybernoz.com/wp-content/uploads/2025/09/tldr-sec-298-Good-CISO-Bad-CISO-AWS-360x270.png)
[tl;dr sec] #298 – Good CISO / Bad CISO, AWS Infra Canarytokens, Protect Yourself from Compromised NPM Packages
How to be an effective CISO, deploy decoy assets that fit in to your AWS environment, tips and tools to...
Read more →
How secure are passkeys, really? Here’s what you need to know
We’ve known for a long time that passwords have their flaws. Whether it’s phishing, brute force, or dictionary attacks, password-based...
Read more →
New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors
BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to...
Read more →