-
Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a portion of its Salesforce data. The breach originated from a sophisticated cyberattack campaign targeting Salesloft Drift, a third-party Software-as-a-Service (SaaS) application used by Qualys to automate sales workflows and manage […] The post Qualys Confirms Data Breach – Hackers Accessed Salesforce Data in Supply Chain Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A rare breach attributed to a North Korean–affiliated actor named “Kim” by the leakers has unveiled unprecedented insight into Kimsuky (APT43) operations. Dubbed the “Kim” dump, the 9 GB dataset includes active bash histories, phishing domains, OCR wor…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have demonstrated a sophisticated technique for bypassing Web Application Firewalls (WAFs) using JavaScript injection combined with HTTP parameter pollution, exposing critical vulnerabilities in modern web security infrastructure. The research, conducted during an autonomous penetration test, revealed how attackers can exploit parsing differences between WAF engines and web application frameworks to execute malicious code […] The post Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cyberattack campaign where threat actors exploited compromised AWS credentials to hijack Amazon’s Simple Email Service (SES), launching large-scale phishing operations capable of sending over 50,000 malicious emails daily. The Wiz…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant security flaw has been discovered in pgAdmin, the widely used open-source administration and development platform for PostgreSQL databases. The vulnerability, tracked as CVE-2025-9636, affects all pgAdmin versions up to and including 9.7, potentially allowing remote attackers to gain unauthorized access to user accounts and the sensitive data they manage. The core of the […] The post PgAdmin Vulnerability Lets Attackers Gain Unauthorised Account Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept (PoC) exploit has been released for a critical remote code execution (RCE) vulnerability in ImageMagick 7’s MagickCore subsystem, specifically affecting the blob I/O (BlobStream) implementation. Security researchers and the ImageMagick team urge all users and organizations to update immediately to prevent exploitation. ImageMagick, a widely used image processing library, was found to contain a heap out-of-bounds write […] The post PoC Exploit Released for ImageMagick RCE Vulnerability – Update Now appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed security flaw in pgAdmin4, the widely used open-source tool for managing PostgreSQL databases, has raised serious concerns among developers and database administrators across the world. The vulnerability, tracked as CVE-2025-9636…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a recent autonomous penetration test, a novel cross-site scripting (XSS) bypass that sidesteps even highly restrictive Web Application Firewalls (WAFs). Security researchers uncovered a ASP.NET application protected by a rigorously configured WAF. C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply-chain attack that impacted over 700 organizations, including major cybersecurity firms, has been traced back to a compromise of Salesloft’s GitHub account that began as early as March 2025. In an update on September 6, 2025, Salesloft confirmed that an investigation by cybersecurity firm Mandiant found that threat actors leveraged this initial access […] The post Salesloft Drift Cyberattack Linked to GitHub Compromise and OAuth Token Theft appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
According to the Wall Street Journal, the deceptive message, purporting to come from Representative John Moolenaar, was dispatched in July to multiple U.S. trade groups, prominent law firms and government agencies. WASHINGTON, Sept. 7 (Reuters) – U.S. …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
