-
Delta Dental of Virginia, a non-profit dental benefits organization based in Roanoke, has announced a significant data breach affecting approximately 145,918 individuals. The unauthorised access to an external system exposed sensitive personal informat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Five newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable ad…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by the notorious Clop ransomware gang, has impacted dozens of major organizations worldwide. The group listed Canon on its dark web leak site, publishing the company’s domain alongside other […] The post Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Huntress have uncovered a sophisticated ClickFix campaign that leverages steganography to conceal malicious code within PNG images disguised as Windows Update screens. The attack chain delivers multiple variants of informat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SitusAMC, a major player in the real estate and finance services sector, disclosed a significant data breach on November 12, 2025, that compromised sensitive corporate information. The incident resulted in unauthorized access to client accounting recor…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been identified in Apache Syncope that could allow attackers to decrypt stored passwords if they gain access to the internal database. The flaw stems from the use of a hardcoded default AES encryption key, which undermines …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an incorrect default configuration in Vault’s Terraform Provider. Specifically, the provider set the deny_null_bind parameter […] The post HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical remote code execution (RCE) vulnerability in Microsoft’s Update Health Tools (KB4023057). A widely deployed Windows component designed to expedite security updates through Intune. The flaw stems from the tool connecting to dropped Azure Blob storage accounts that attackers could register and control. How the Vulnerability Works The vulnerability exists in version 1.0 of the Update […] The post Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert warning that multiple cyber threat actors are actively exploiting commercial spyware to target users of popular mobile messaging applications, including Signal and W…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
