Tag: update
-
Dec Recap: New AWS Privileged Permissions and Services
As December 2025 comes to a close, Sonrai’s latest review of newly released AWS permissions highlights a continued expansion of cloud privilege. This month’s updates span identity, observability, AI, and managed service infrastructure, with changes across CloudWatch, CloudFront, Bedrock, EKS, SageMaker, and emerging agent-based platforms. Together, these permissions reinforce a core reality of cloud security:……
-
Critical ‘MongoBleed’ Bug Under Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/mongobleed-bug-active-attack-patch
-
Open WebUI bug turns the ‘free model’ into an enterprise backdoor
Tags: access, api, authentication, backdoor, data, exploit, flaw, malicious, mitigation, network, nvd, remote-code-execution, risk, tool, updateEscalating to Remote Code Execution: The risk doesn’t stop at account takeover. If the compromised account has workspace.tools permissions, attackers can leverage that session token to push authenticated Python code through Open WebUI’s Tools API, which executes without sandboxing or validation.This turns a browser-level compromise into full remote code execution on the backend server. Once…
-
6 strategies for building a high-performance cybersecurity team
Tags: advisory, ai, apple, attack, business, ciso, communications, compliance, cyber, cybersecurity, data, defense, intelligence, resilience, risk, service, skills, strategy, technology, threat, tool, training, update, vulnerability2. Be clear on the mission: Sharon Chand, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team’s mission.To do that, though, team members need to know what the mission is and buy into it.”It has to be a very clear mission…
-
6 strategies for building a high-performance cybersecurity team
Tags: advisory, ai, apple, attack, business, ciso, communications, compliance, cyber, cybersecurity, data, defense, intelligence, resilience, risk, service, skills, strategy, technology, threat, tool, training, update, vulnerability2. Be clear on the mission: Sharon Chand, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team’s mission.To do that, though, team members need to know what the mission is and buy into it.”It has to be a very clear mission…
-
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers
Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server.Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting…
-
Critical ‘MongoBleed’ Bug Under Active Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/mongobleed-bug-active-attack-patch
-
Ten thousand firewalls are vulnerable to old vulnerability
This news brief originally appeared on ComputerSweden.More Fortinet security news:FortiGate firewall credentials being stolen after vulnerabilities discoveredFortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipmentFortinet admins urged to update software to close FortiCloud SSO holes First seen on csoonline.com Jump to article: www.csoonline.com/article/4112857/ten-thousand-firewalls-are-vulnerable-to-old-vulnerability.html
-
Windows Users at Risk as Critical Zoom Vulnerability Exploited
A critical Zoom vulnerability put Windows users at risk of data theft and system compromise. Zoom has patched the flaw. Users should update immediately. The post Windows Users at Risk as Critical Zoom Vulnerability Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-flaw-windows-users-at-risk/
-
How the Organizational Risk Culture Standard can supercharge your cybersecurity culture
Tags: automation, ceo, communications, compliance, control, cyber, cybersecurity, data, detection, email, finance, framework, group, guide, intelligence, law, metric, nist, phishing, ransomware, RedTeam, resilience, risk, tool, updateThe 10 dimensions, translated for cybersecurity: The ORCS framework defines ten dimensions. Treat them as a system. Each one is distinct; together they are complete. Leadership & governance. Leaders set the tone, model the behavior and anchor accountability. If leaders treat cyber as only an IT issue, everyone else will, too. When leaders make risk-informed…
-
Multiple Flaws in QNAP Tools Allow Attackers to Steal Sensitive Data
QNAP has released a security advisory addressing multiple vulnerabilities in its License Center application. If left unpatched, these flaws could allow attackers to steal sensitive information, crash system processes, or modify memory on affected Network Attached Storage (NAS) devices. The security update, released on January 3, 2026, resolves two distinct issues affecting License Center version…
-
âš¡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More
The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit.This week’s stories share one pattern. Nothing flashy. No single…
-
ManageMyHealth Provides Update on Ongoing Cyberattack Investigation
Manage My Health (MMH) has released a detailed update on the ongoing investigation following a cyberattack that was first reported on 30 December 2025. The ManageMyHealth hack has affected a portion of the organization’s user base, prompting urgent responses from MMH, Health New Zealand, and law enforcement agencies. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/managemyhealth-hack-explained/
-
ERP-Angriffe und KI machen Sicherheit zur Chefsache – Patching reicht nicht: ERP-Sicherheit braucht KI und Monitoring
First seen on security-insider.de Jump to article: www.security-insider.de/erp-sicherheit-ki-monitoring-2026-a-7596fbb0340fa04517639a11473953c0/
-
Best of 2025: NIST Launches Updated Incident Response Guide
Tags: cybersecurity, framework, guide, incident response, nist, risk, risk-management, technology, updateThe National Institute of Standards and Technology (NIST) has released a long-awaited update to its incident response guidance: Special Publication 800-61 Revision 3 (SP 800-61r3). This new version, titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management,” aligns closely with the latest Cybersecurity Framework (CSF) 2.0, marking a significant evolution in how organizations should……
-
Breach Roundup: Clop Tied to Korean Air Vendor Breach
Also: China-Linked APT Hijack Updates, Condé Nast Data Leaked, La Poste Hit. This week, a Clop-linked vendor breach hit Korean Air, a China-linked APT hijacked software updates, a critical zero-day flaw remained unpatched, Condé Nast faced a data leak, La Poste was disrupted and Korean police extradited a malware operation suspect. First seen on govinfosecurity.com…
-
Cryptohack Roundup: $7M Trust Wallet Hack
Indian Police Arrests Ex-Coinbase Staffer Over Data Breach Charges. This week, a $7 million Trust Wallet extension hack, arrest of an ex-Coinbase support agent, the U.S. sued alleged perpetrators of a $14M scam, Polymarket hack update, early release scheduled for former Alameda CEO, backlash on Flow’s post-exploit rollback plan and Grubhub-linked holiday Bitcoin scam. First…
-
Critical vulnerability in IBM API Connect could allow authentication bypass
Tags: api, authentication, control, exploit, flaw, governance, ibm, mitigation, monitoring, radius, resilience, service, software, update, vmware, vulnerabilityInterim fixes provided: IBM said that the issue was discovered during internal testing, and it has provided interim fixes for each affected version of the software, with individual update details for VMware, OCP/CP4I, and Kubernetes.The only mitigation suggested for the flaw, according to IBM’s security bulletin, is this: “Customers unable to install the interim fix…
-
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ibm-warns-of-critical-api-connect-auth-bypass-vulnerability/
-
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation
Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, updateCloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
-
New Open-Source C2 Framework AdaptixC2 Debuts With Improved Stability and Speed
The open-source community has received a major update with the release of AdaptixC2 Version 1.0. This new version brings significant enhancements to the Command and Control (C2) framework, with a focus on network stability, user interface (UI) performance, and operational speed. The most notable technical improvement in Version 1.0 is the complete overhaul of the…
-
OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas
OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to operate inside a web browser and carry out tasks for users. The company said it recently shipped a security update for ChatGPT Atlas after internal automated red-teaming uncovered…
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
Evasive Panda ändert das DNS, statt Updates lädt man Malware
Die Hacker-Gruppe Evasive Panda nutzte das Domain Name System, um unzählige Computer zu verseuchen. Das DNS ist elementar und keine Beilage. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/cyberangriffe/evasive-panda-aendert-das-dns-statt-updates-laedt-man-malware-324673.html
-
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the malicious update’s deployment. Blockchain investigator ZachXBT initially flagged the incident on the social media platform…