-
China-aligned TA415 hackers have adopted Google Sheets and Google Calendar as covert command-and-control (C2) channels in a sustained espionage campaign targeting U.S. government, academic, and think tank entities. By blending malicious operations into…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape has witnessed an unprecedented surge in API-focused attacks during the first half of 2025, with threat actors launching over 40,000 documented incidents against application programming interfaces across 4,000 monitored environments. This alarming escalation represents a fundamental shift in attack methodology, as cybercriminals have identified APIs as the most lucrative and vulnerable entry […] The post 40,000+ Cyberattacks Targeting API Environments To Inject Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A default auto-sync feature in Microsoft OneDrive automatically moves local files to SharePoint, creating a significant security risk by exposing sensitive data and secrets on a large scale. Research from Entro Security highlights the severity of the issue, revealing that one in every five exposed secrets within an enterprise originates from files synced to SharePoint. […] The post Microsoft OneDrive Auto-Sync Exposes Enterprise Secrets in SharePoint Online appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 1…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has announced the full general availability of client-side encryption (CSE) for Google Sheets. This significant upgrade gives organizations direct control over encryption keys and enhances data confidentiality within Google Workspace. This move extends robust security features to spreadsheets, ensuring that sensitive data remains unreadable to Google, and addresses critical compliance and data portability needs […] The post Google Announces Full Availability of Client-Side Encryption for Google Sheets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for K…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. While many C2 frameworks garner public attention, AdaptixC2 has remained largely under the radar—until Unit 42 documented its deployment by real-world th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault injection testing in Kubernetes environments. The security flaws, collectively dubbed “Chaotic Deputy,” comprise four CVEs that enable complete cluster compromise through relatively simple exploitation techniques. Key Takeaways1. “Chaotic Deputy” in Chaos Mesh <2.7.3 allows unauthenticated GraphQL […] The post Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A medium-severity vulnerability has been discovered in the official Kubernetes C# client, which could allow an attacker to intercept and manipulate sensitive communications. The flaw, rated 6.8 on the CVSS scale, stems from improper certificate validation logic. This weakness exposes applications using the client to Man-in-the-Middle (MiTM) attacks, potentially leading to the compromise of credentials, […] The post Kubernetes C# Client Vulnerability Exposes API Server Communication To MiTM Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
