Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some…
Researchers from Google’s Project Zero discovered a medium-severity remote code execution (RCE) vulnerability that affects multiple platforms, including Android (Samsung and Pixel devices) and Windows. Remote code execution means an…
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you…
Most enterprises now run applications in containers, and so they must pay attention to how they store and manage data for containerised applications. The Nutanix…
Cybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a dangerous vector for phishing campaigns…
The Trump administration should reverse cyber personnel and budget cuts, strengthen the Office of the National Cyber Director and expand federal workforce initiatives, the successor…
Security flaws in Microsoft’s Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the “Azure Portal. Varonis found that Azure’s safeguards,…
Axoflow has launched its Security Data Layer, extending its pipeline offering with multiple storage solutions. The Security Data Layer addresses challenges in log management, SIEM…
Oct 22, 2025The Hacker NewsData Breach / Enterprise Security The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The…
A new form of attack is targeting browsers with built-in AI assistants. Researchers at Brave have found that seemingly harmless screenshots and web pages can…
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers,…
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path…
