Security
Headlines
HeadlinesLatestCVEs

Latest News

45 New Domains Linked to Salt Typhoon, UNC4841

The China-backed threat actors have used the previously undiscovered infrastructure to obtain long-term, stealthy access to targeted organizations.

DARKReading
Open in Source
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the

The Hacker News
Open in Source
#xss#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#amazon#linux#cisco#ddos#apache#nodejs#js#git#intel#c++#backdoor#rce#perl#pdf#oauth#auth#ssh#telnet#zero_day#docker#chrome#sap#ssl#The Hacker News
Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response

Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.

GHSA-cxvc-g8f2-4gmm: Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data

There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.

You Didn’t Get Phished — You Onboarded the Attacker

When Attackers Get Hired: Today’s New Identity Crisis What if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding. Meet “Jordan from Colorado,” who has a strong resume, convincing references, a clean background check, even a digital footprint that checks out. On day one, Jordan logs into email and attends

A week in security (September 1 – September 7)

A list of topics we covered in the week of September 1 to September 7 of 2025

Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens

Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted.

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025. "The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity

Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers

Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your…

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.