-
A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation’s entire Social Security dataset in an unsecured cloud environment. Chief Data Officer Charles Borges warned that, if malicious actors gain access, over 300 million Americans could face identity […] The post DOGE Accused of Mimicking Country’s Social Security Info in Unsecured Cloud appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly identified ransomware strain named Cephalus has emerged as a sophisticated threat, targeting organizations through compromised Remote Desktop Protocol (RDP) connections. The malware, which takes its name from Greek mythology referencing the son of Hermes who tragically killed his wife with an infallible javelin, represents a concerning evolution in ransomware deployment techniques. Cephalus distinguishes […] The post New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or internal network pivoting. Tracked as…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine critical vulnerabilities in INVT VT-Designer and HMITool (CVSS v4 8.5). Multiple flaws in Schneide…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly documented cache deception attack leverages mismatches in path normalization and delimiter handling between caching layers and origin servers to expose sensitive endpoints and steal authentication tokens. Researchers have demonstrated how subtl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Government Accountability Project submitted a protected disclosure from Charles Borges—SSA’s Chief Data Officer—to the Office of Special Counsel and congressional oversight committees. Borges reports that since DOGE’s inception in January 2025, its…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released an emergency security update for Chrome to address a critical use-after-free vulnerability (CVE-2025-9478) in the ANGLE graphics library that could allow attackers to execute arbitrary code on compromised systems. The vulnerability affects Chrome versions prior to 139.0.7258.154/.155 across Windows, Mac, and Linux platforms. The security flaw was discovered by Google’s Big Sleep […] The post Critical Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released an urgent security update for the Chrome Stable channel to address a critical use-after-free vulnerability in the ANGLE graphics library that could allow attackers to execute arbitrary code on vulnerable systems. The fixes…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated data exfiltration campaign targeting corporate Salesforce instances has exposed sensitive information from multiple organizations through compromised OAuth tokens associated with the Salesloft Drift third-party application. The threat actor, designated as UNC6395, systematically harvested credentials and sensitive data between August 8-18, 2025, demonstrating advanced operational security awareness while executing SOQL queries across numerous Salesforce […] The post Salesloft Drift Hacked to Steal OAuth Tokens and Exfiltrate from Salesforce Corporate Instances appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
