nOAuth: A Two-Year-Old Entra ID Loophole Still Lets Attackers Take Over
New survey shows nearly one in ten Microsoft-linked SaaS apps can be hijacked A fresh investigation by identity-security firm Semperis has reignited concern about a weakness first publicised in mid-2023 and nicknamed nOAuth. The company examined 104 cloud software products that let customers sign…
0 Comments5 Minutes
Cisco Rushes to Fix Two “Perfect-Score” Flaws in Identity Services Engine
What Makes ISE So Important Cisco Identity Services Engine, better known as ISE, sits at the heart of many company networks. It decides who or what can log in, which devices may join the Wi-Fi, and whether a user can reach a sensitive server. If ISE goes down or is taken over, an attacker…
0 Comments5 Minutes
Critical flaw in Open VSX Registry patched after researchers warn of supply-chain danger
Attack vector could have handed over the whole extension market An Israeli security outfit has revealed that an error buried deep in the automation scripts of the Open VSX Registry might have let criminals hijack every Visual Studio Code extension distributed through the popular open-source…
0 Comments6 Minutes
New Linux Privilege-Escalation Chain Gives Attackers Instant Root Access
Two Bugs, One Exploit Chain Security specialists at Qualys have revealed a pair of vulnerabilities that—when combined—let any logged-in user jump from a normal account to full administrator rights on many mainstream Linux distributions. The first flaw, CVE-2025-6018, sits inside the Pluggable…
0 Comments5 Minutes
Fake GitHub Projects Hides Malicious Code, Researchers Warn
Banana Squad Returns With a Fresh Batch of Booby-Trapped Repositories Security analysts at ReversingLabs say they have uncovered a new surge of activity by a group they call Banana Squad. The actors have opened and maintained more than 67 GitHub projects that pretend to contain handy Python hacking…
0 Comments6 Minutes
The Web’s Biggest Password Leak Puts Billions at Risk
A Record-Breaking Trove of Stolen Credentials Comes to Light A data cache containing roughly 16 billion usernames and passwords has surfaced on dark-web forums, according to investigative work led by researcher Vilius Petkauskas and the Cybernews team. Spread across 30 colossal files—each one…
0 Comments6 Minutes
Anubis Ransomware Emerges With a Destructive Twist
Dual Threat: Scrambling and Erasing Data A newly observed strain of ransomware called Anubis has attracted the attention of security researchers for its ability not only to lock files but also to wipe them out completely. According to a recent study by Trend Micro, the malware carries a “wipe…
0 Comments6 Minutes
Google Cloud Disruptions Affect Major Online Services
Several Companies Report Issues as Google Scrambles to Restore Cloud Platform Google Cloud faced major technical problems on Thursday, causing widespread outages that affected businesses and online services around the world. The issues began late in the morning Pacific Time and continued for…
0 Comments6 Minutes
Adobe Fixes Over 250 Security Bugs in Major Software Update
Most Issues Found in Adobe Experience Manager, Users Urged to Update Immediately Adobe has released a major round of security patches this week, fixing a total of 254 different vulnerabilities in several of its popular software products. The company said the majority of these flaws—225 in…
0 Comments5 Minutes
Fake Resumes on LinkedIn Deliver More_eggs Malware
Posing as Job Seekers on Professional Platforms A criminal gang that security researchers know as FIN6 has begun taking advantage of the job-hunting world in a new way. According to a fresh investigation from DomainTools, the group is approaching recruiters on popular employment sites such as…
0 Comments6 Minutes