Tag: software

Workday Confirms Data Breach Tied to Salesforce Attacks

Aug 19, 2025 5:54 AM

Tags: attack, breach, corporate, cyberattack, data, data-breach, exploit, software

A New Corporate Victim in a Broader CRM Exploitation Campaign Workday, one of the world’s leading human capital management (HCM) software providers, has confirmed it was impacted in a recent string of coordinated cyberattacks targeting Salesforce CRM instances through sophisticated social engineering. While the company says no customer tenants or internal systems were compromised, attackers……
Lack of Developer Training Fuels Cyber Breaches Across UK Organisations

Aug 19, 2025 1:54 AM

Tags: breach, cyber, cybersecurity, software, technology, training

A new survey from SecureFlag has revealed serious shortcomings in how UK businesses protect themselves from software-related threats. In a poll of 100 C-suite and technology leaders, 67% admitted their organisation had suffered at least one cybersecurity breach or major incident in the past 12 months due to insecure coding practices, with nearly half experiencing…
Secure Software Development Why It Matters

Aug 18, 2025 8:54 PM

Tags: programming, software

Secure Software Development Why It Matters to Every UK SMB (Even If You Don’t Write Code) When most small and medium-sized businesses (SMBs) hear “secure development,” they think: “That doesn’t apply to us, we don’t build apps or write code.” But that’s a dangerous misconception. In today’s interconnected digital ecosystem, secure software development isn’t… First…
Workday Latest Company Hit by Third-Party CRM Platform Breach

Aug 18, 2025 5:54 PM

Tags: breach, data, finance, google, group, software, threat

Workday, a high-profile HR and finance software solutions maker, is the latest victim of a string of data breaches orchestrated by the resurgent ShinyHunters threat group through Salesforce’s CRM solution, joining a lineup of targets that includes Google, Qantas, Pandora, and Adidas. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/workday-latest-company-hit-by-third-party-crm-platform-breach/
New NIST guide explains how to detect morphed images

Aug 18, 2025 4:54 PM

Tags: guide, identity, nist, software

Face morphing software can blend two people’s photos into one image, making it possible for someone to fool identity checks at buildings, airports, borders, and other secure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/nist-guide-detect-morphed-images/
Workday Breached as Ransomware Group Seeks Salesforce Data

Aug 18, 2025 4:54 PM

Tags: access, breach, cloud, data, group, ransomware, software

CRM Breach May Be Tied to Ongoing Scattered Spider and ShinyHunters Campaign. Cloud software giant Workday said its customer relationship management software has been breached and customer data stolen. The alert comes as attackers continue to pose as employees to trick help desks into giving them direct access to a victim’s Salesforce CRM instance. First…
UK’s Colt hit by cyberattack, support systems offline amid ransom threat

Aug 18, 2025 2:54 PM

Tags: api, attack, china, communications, cve, cyberattack, data, data-breach, exploit, finance, flaw, group, infrastructure, Internet, microsoft, network, programming, ransom, rce, remote-code-execution, russia, service, software, threat, update, vulnerability

with samples on a Russian Tor site.”We’ve seen already this year that telecom is particularly vulnerable to attacks, and I think this WarLock attack highlights some recurring issues that telecom and large-scale network service providers are starting to see,” said Gabrielle Hempel, Security Operations Strategist at Exabeam. “There’s this operational ripple effect when you’re a…
Workday hit by social engineering data breach targeting its CRM platform

Aug 18, 2025 2:54 PM

Tags: breach, data, data-breach, social-engineering, software

The human resources software company Workday announced that some customer information was obtained in a social engineering attack. First seen on therecord.media Jump to article: therecord.media/workday-social-engineering-data-breach
1235 wöchentliche Attacken auf deutsche Organisationen

Aug 18, 2025 2:54 PM

Tags: cyber, germany, software, threat

Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies, hat seinen für Juli 2025 veröffentlicht. Im Juli waren Unternehmen im globalen Vergleich durchschnittlich 2011 Cyber-Angriffen pro Woche ausgesetzt. Das ist ein Anstieg von drei Prozent gegenüber dem Vormonat und zehn Prozent gegenüber dem Vorjahr. In Deutschland ist die Zahl […] First seen on…
Human resources firm Workday disclosed a data breach

Aug 18, 2025 11:54 AM

Tags: breach, cloud, data, data-breach, finance, service, software

Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering. Workday is a cloud-based software company that specializes in enterprise applications for human capital management (HCM), financial management, and planning. The company provides services to over 11,000 organizations, including over 60% of Fortune 500 firms. The HR…
Workday Data Breach Exposes HR Records via Third-Party CRM Hack

Aug 18, 2025 11:54 AM

Tags: access, breach, cyber, data, data-breach, risk, security-incident, social-engineering, software, supply-chain, unauthorized

Enterprise software giant Workday has disclosed a security incident involving unauthorized access to employee information through a compromised third-party customer relationship management (CRM) platform. The breach, discovered as part of a broader social engineering campaign targeting multiple large organizations, has raised concerns about supply chain security risks in the enterprise software sector. Incident Details and…
Agentic AI promises a cybersecurity revolution, with asterisks

Aug 18, 2025 9:54 AM

Tags: ai, api, authentication, ceo, ciso, cloud, control, cybersecurity, data, endpoint, infrastructure, jobs, LLM, open-source, openai, risk, service, soc, software, supply-chain, technology, tool, update, vulnerability

Trust, transparency, and moving slowly are crucial: Like all technologies, and perhaps more dramatically than most, agentic AI carries both risks and benefits. One obvious risk of AI agents is that, like most LLM models, they will hallucinate or make errors that could cause problems.”If you want to remove or give agency to a platform…
KI-Agenten gegen Schwachstellen in KI-Code – Tricentis erweitert KI-Funktionen zur Software-Qualitätssicherung

Aug 18, 2025 9:54 AM

Tags: ai, software, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/tricentis-erweitert-ki-funktionen-zur-software-qualitaetssicherung-a-df256beaaf49f00269efa95fe44d0a7c/
SAP Security Patch Day Fixes 15 Flaws, Including 3 Injection Vulnerabilities

Aug 12, 2025 12:12 PM

Tags: cvss, cyber, flaw, injection, sap, software, update, vulnerability

SAP released critical security updates on August 12, 2025, addressing 15 vulnerabilities across its enterprise software portfolio, with three severe code injection flaws receiving the highest CVSS scores of 9.9. The monthly Security Patch Day also included four updates to previously released security notes, highlighting the company’s ongoing commitment to protecting customer environments against evolving…
From Risk to ROI: How Security Maturity Drives Business Value

Aug 12, 2025 10:12 AM

Tags: access, ai, breach, business, cloud, compliance, control, cyber, cybersecurity, data, detection, encryption, exploit, finance, framework, GDPR, governance, government, healthcare, incident response, infrastructure, insurance, intelligence, monitoring, nist, privacy, ransomware, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, threat, tool, unauthorized, vulnerability

From Risk to ROI: How Security Maturity Drives Business Value madhav Tue, 08/12/2025 – 04:30 Cyber threats are like moving targets”, constantly evolving and increasingly pervasive. In a hyper-connected world, no individual, industry, or organization is immune. The threat landscape presents a serious and persistent challenge for governments, businesses, critical infrastructure, and individuals alike. Many…
5 key takeaways from Black Hat USA 2025

Aug 12, 2025 10:12 AM

Tags: access, api, attack, authentication, botnet, business, cisco, cloud, container, control, credentials, data, endpoint, exploit, firmware, flaw, framework, Hardware, iam, login, malicious, malware, network, password, programming, rce, remote-code-execution, service, software, technology, tool, update, usa, vulnerability, windows

Vaults can be cracked open: Critical vulnerabilities in popular enterprise credential vaults were unveiled by security researchers from Cyata during Black Hat.The flaws in various components of HashiCorp Vault and CyberArk Conjur, responsibly disclosed to the vendors and patched before their disclosure, stemmed from subtle logic flaws in authentication, validation, and policy enforcement mechanisms, as…
Critical Vulnerability in Carmaker Portal Allows Hackers to Unlock Cars Remotely

Aug 12, 2025 9:12 AM

Tags: backdoor, cyber, flaw, hacker, service, software, unauthorized, vulnerability

Security researcher Eaton Zveare unveiled a critical flaw in a major automaker’s dealer portal that could allow attackers to unlock and start consumer vehicles from anywhere. The vulnerability, discovered in an obscure centralized dealer software platform used by over 1,000 dealers across the United States, exposes a direct backdoor into connected car services, enabling unauthorized…
Critical Vulnerability in Carmaker Portal Allows Hackers to Unlock Cars Remotely

Aug 12, 2025 9:12 AM

Tags: backdoor, cyber, flaw, hacker, service, software, unauthorized, vulnerability

Security researcher Eaton Zveare unveiled a critical flaw in a major automaker’s dealer portal that could allow attackers to unlock and start consumer vehicles from anywhere. The vulnerability, discovered in an obscure centralized dealer software platform used by over 1,000 dealers across the United States, exposes a direct backdoor into connected car services, enabling unauthorized…
Two groups exploit WinRAR flaws in separate cyber-espionage campaigns

Aug 11, 2025 7:11 PM

Tags: cyber, espionage, exploit, flaw, group, hacking, software, vulnerability, zero-day

A prominent hacking operation known as RomCom and a lesser-known group tracked as Paper Werewolf or Goffee each exploited a zero-day vulnerability in WinRAR software this summer, researchers said. First seen on therecord.media Jump to article: therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers
How ShinyHunters Hacking Group Stole Customer Data from Salesforce

Aug 11, 2025 7:11 PM

Tags: data, group, hacker, hacking, malicious, software, theft

Hackers posed as Salesforce IT staff, using vishing to trick employees into installing malicious software for data theft and extortion. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-salesforce-vishing-attack-shinyhunters/
Microsoft tests cloud-based Windows 365 disaster recovery PCs

Aug 11, 2025 7:11 PM

Tags: access, cloud, computer, cyberattack, Hardware, microsoft, service, software, windows

Microsoft has announced the limited public preview of Windows 365 Reserve, a service that provides temporary desktop access to pre-configured cloud PCs for employees whose computers have become unavailable due to cyberattacks, hardware issues, or software problems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-cloud-based-windows-365-disaster-recovery-pcs/
Sicherheits-News: Datenlecks (Google, Telekom); Schwachstellen (WinRAR, Windows) und mehr

Aug 11, 2025 6:12 PM

Tags: data-breach, ddos, google, software, vulnerability, windows

Noch ein kleiner Sammelbeitrag zu Sicherheitsthemen. Es gibt mal wieder Datenlecks, bei Google, bei der Telekom etc. Die Software WinRAR enthält eine Schwachstelle, über die Schadsoftware ausgeliefert wird. Und Domain Controller mit Windows können in ein DDoS-Werkzeug verwandelt werden, die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/11/sicherheits-news-datenlecks-google-telekom-schwachstellen-winrar-windows-und-mehr/
âš¡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More

Aug 11, 2025 4:12 PM

Tags: attack, control, cyber, data, defense, edr, flaw, nvidia, ransomware, software, theft, zero-day

This week, cyber attackers are moving quickly, and businesses need to stay alert. They’re finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to data theft or even taking control of your systems. The clock is ticking”, if defenses…
CSO hiring on the rise: How to land a top security exec role

Aug 11, 2025 10:12 AM

Tags: access, ai, attack, breach, business, cio, ciso, cloud, compliance, cyber, cybersecurity, data, defense, finance, governance, government, healthcare, identity, incident, incident response, infrastructure, insurance, jobs, military, network, regulation, resilience, risk, saas, service, skills, software, strategy, technology, threat, training

Wide-scale AI adoption shaking up skills sought: In terms of the skills wanted of today’s CSO, Fuller agrees that AI is the game-changer.”Organizations are seeking cybersecurity leaders who combine technical depth, AI fluency, and strong interpersonal skills,” Fuller says. “AI literacy is now a baseline expectation, as CISOs must understand how to defend against AI-driven…
Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution

Aug 11, 2025 9:12 AM

Tags: attack, cve, cyber, flaw, remote-code-execution, software, update, vulnerability

Xerox Corporation has released critical security updates for its FreeFlow Core software, addressing two significant vulnerabilities that could allow attackers to perform server-side request forgery (SSRF) attacks and achieve remote code execution on affected systems. The security flaws, identified as CVE-2025-8355 and CVE-2025-8356, affect FreeFlow Core version 8.0.4 and have been classified as >>IMPORTANT
Untersuchung der bisherigen Ransomware-Operationen der nicht-dokumentierten Gruppe STORM-2603

Aug 9, 2025 4:11 PM

Tags: apt, control, exploit, framework, malware, ransomware, software

Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies hat eine gezielte Analyse von Storm-2603 durchgeführt, einem Bedrohungsakteur, der mit den jüngsten Toolshell-Exploits in Verbindung steht und mit anderen chinesischen APT-Gruppen zusammenarbeitet. Storm-2603 nutzt ein benutzerdefiniertes Malware-Command-and-Control-Framework (C2), das von Angreifer intern als ak47c2 bezeichnet wird. Dieses Framework umfasst mindestens zwei verschiedene Arten…
Future-Proofing Your Software Supply Chain with SCA Best Practices

Aug 9, 2025 5:11 AM

Tags: best-practice, finance, government, healthcare, open-source, programming, software, supply-chain, technology
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…