-
A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A default auto-sync feature in Microsoft OneDrive automatically moves local files to SharePoint, creating a significant security risk by exposing sensitive data and secrets on a large scale. Research from Entro Security highlights the severity of the issue, revealing that one in every five exposed secrets within an enterprise originates from files synced to SharePoint. […] The post Microsoft OneDrive Auto-Sync Exposes Enterprise Secrets in SharePoint Online appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 1…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has announced the full general availability of client-side encryption (CSE) for Google Sheets. This significant upgrade gives organizations direct control over encryption keys and enhances data confidentiality within Google Workspace. This move extends robust security features to spreadsheets, ensuring that sensitive data remains unreadable to Google, and addresses critical compliance and data portability needs […] The post Google Announces Full Availability of Client-Side Encryption for Google Sheets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for K…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. While many C2 frameworks garner public attention, AdaptixC2 has remained largely under the radar—until Unit 42 documented its deployment by real-world th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault injection testing in Kubernetes environments. The security flaws, collectively dubbed “Chaotic Deputy,” comprise four CVEs that enable complete cluster compromise through relatively simple exploitation techniques. Key Takeaways1. “Chaotic Deputy” in Chaos Mesh <2.7.3 allows unauthenticated GraphQL […] The post Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A medium-severity vulnerability has been discovered in the official Kubernetes C# client, which could allow an attacker to intercept and manipulate sensitive communications. The flaw, rated 6.8 on the CVSS scale, stems from improper certificate validation logic. This weakness exposes applications using the client to Man-in-the-Middle (MiTM) attacks, potentially leading to the compromise of credentials, […] The post Kubernetes C# Client Vulnerability Exposes API Server Communication To MiTM Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A global ad fraud and click fraud operation, dubbed SlopAds, comprising 224 Android apps that collectively amassed more than 38 million downloads across 228 countries and territories. Under the guise of AI-themed utilities, these apps employ advanced o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Conor Brian Fitzpatrick, the 22-year-old founder of BreachForums, has been resentenced to three years in federal prison for operating one of the world’s largest cybercriminal marketplaces. The New York resident was sentenced on September 16, 2025, for creating and administering a platform that facilitated the sale of stolen data and harbored child sexual abuse material […] The post World’s Largest Hacking Forum BreachForums Creator Sentenced to Three Years in Prison appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
