Jun 25, 2025Ravie LakshmananSaaS Security / Vulnerability New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in… Read More "nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery"
Jun 25, 2025Ravie LakshmananVulnerability / Network Security Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2… Read More "Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC"
Jun 25, 2025Ravie LakshmananData Privacy / Vulnerability Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions.… Read More "Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure"
Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025,… Read More "Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games"
Jun 25, 2025Ravie LakshmananMalware / Open Source Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious… Read More "North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages"
Jun 25, 2025Ravie LakshmananEndpoint Security / IT Management Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC… Read More "Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options"
Jun 24, 2025Ravie LakshmananMalware / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware… Read More "APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine"
Jun 24, 2025Ravie LakshmananData Protection / Mobile Security The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the… Read More "U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues"
Jun 24, 2025Ravie LakshmananSocial Media / Privacy The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the… Read More "New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public"
Jun 24, 2025Ravie LakshmananVulnerability / Malware Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said… Read More "Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers"
