-
Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that’s built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers “always-on memory safety protection” across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and
-
Microsoft has issued an updated warning for a critical security vulnerability in Active Directory Domain Services, tracked as CVE-2025-21293.
This flaw could permit an attacker who has already gained initial access to a system to escalate their privileges, potentially gaining complete control over the affected domain controller and undermining the security of the network infrastructure.
The vulnerability is categorized as an “Elevation of Privilege” issue stemming from an improper access control weakness, formally identified as CWE-284.
According to Microsoft’s advisory, an attacker who successfully exploits this flaw could elevate their privileges to the SYSTEM level.
Gaining SYSTEM privileges is the highest level of access on a Windows system, allowing an attacker to perform any action without restriction.
This includes installing malicious software, modifying or deleting critical data, and creating new administrative accounts, which could be used to establish persistence within the network.
The vulnerability was initially reported on January 14, 2025, with Microsoft providing an update on September 9, 2025, to offer further clarity.
Exploit Conditions And Assessment
Microsoft has assessed the exploitability of this vulnerability as “Exploitation Less Likely.” A key factor in this assessment is the attack vector, which requires an attacker to first log on to the target system.
This means the flaw cannot be exploited remotely by an unauthenticated user. The adversary must possess valid credentials, which could be obtained through tactics like phishing, credential stuffing, or exploiting a separate vulnerability.
Once authenticated, the attacker would need to run a specially crafted application to trigger the flaw and escalate their privileges.
At the time of the latest update, the vulnerability had not been publicly disclosed, and there were no reports of it being actively exploited in the wild.
Despite the prerequisite of prior access, the severity of the potential impact makes patching a critical priority for IT administrators.
An attacker with SYSTEM-level control on a domain controller can compromise the entire Active Directory forest, putting all domain-joined resources at risk.
Organizations are strongly advised to apply the security updates released by Microsoft to protect their domain controllers from this threat.
This incident serves as a reminder that a defense-in-depth security strategy, which includes regular patching, network segmentation, and monitoring for anomalous user activity, is essential to defend against multi-stage attacks that leverage local privilege escalation vulnerabilities.
The post Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges appeared first on Cyber Security News.
-
The House Select Committee on China has formally issued an advisory warning of an “ongoing” series of highly targeted cyber espionage campaigns linked to the People’s Republic of China (PRC) amid contentious U.S.–China trade talks. “These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business
-
Introduction
Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the
-
In a twist of fate that underscores both the power and inherent transparency of endpoint detection and response (EDR) solutions. By investigating alerts generated through this deployment, the Huntress Security Operations Center (SOC) gained unprecedented insight into the adversary’s day-to-day workflows, tool usage, and evolving tradecraft. Huntress’s commitment to transparency and community education led to […]
The post Threat Actor’s Self-Deployment of EDR Exposes Their Tools and Workflows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
The cybersecurity landscape has witnessed a novel phishing campaign that weaponizes Google’s no-code platform, AppSheet, to harvest user credentials. By abusing AppSheet’s trusted email infrastructure, attackers are bypassing traditional security controls and delivering malicious content from legitimate domains. This development underscores the urgent need for context-aware detection systems that analyze message intent, not just sender […]
The post Hackers Impersonate Google AppSheet in Latest Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
Microsoft has released patches for two significant vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on affected systems.
The flaws, tracked as CVE-2025-54910 and CVE-2025-54906, were disclosed on September 9, 2025, and affect various versions of the popular productivity suite.
While Microsoft has assessed exploitation as “less likely” for both vulnerabilities at this time, their potential for remote code execution warrants immediate attention from users and administrators.
The vulnerabilities differ in their exploitation methods and severity, with one being rated as Critical and the other as Important.
Critical Microsoft Office Vulnerabilities
The more severe of the two flaws, CVE-2025-54910, is a Critical-rated heap-based buffer overflow vulnerability.
This type of weakness, cataloged as CWE-122, can allow an unauthorized attacker to execute arbitrary code locally on a target machine. A particularly dangerous aspect of this vulnerability is that the Preview Pane in Microsoft Office serves as an attack vector.
This means that an attacker could potentially trigger the exploit with no user interaction beyond receiving and viewing a malicious file in an Explorer window.
Although the attack is executed locally, the term “remote” in the vulnerability’s title refers to the attacker’s location, highlighting that they do not need prior access to the victim’s machine.
The second vulnerability, CVE-2025-54906, is rated as Important and stems from a Use-After-Free condition, tracked as CWE-416.
This flaw also permits remote code execution, but its exploitation vector differs significantly from the heap-based overflow. To exploit this vulnerability, an attacker must craft a malicious file and socially engineer the user into opening it.
Unlike the other flaw, the Preview Pane is not an attack vector for CVE-2025-54906, meaning the user must actively engage with the malicious content.
This requirement for user interaction is a key reason for its lower severity rating compared to the Preview Pane vulnerability.
Mitigations
Microsoft has released security updates to address these vulnerabilities for most affected software. The company advises customers to apply all updates offered for the software installed on their systems to ensure comprehensive protection.
It should be noted that security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available but will be released shortly.
Microsoft will notify customers through a revision to the CVE information once these updates are ready. Given the serious nature of remote code execution flaws, users are strongly encouraged to install the patches as soon as possible to mitigate the risk of potential exploitation.
The post Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code appeared first on Cyber Security News.
-
HackerOne has confirmed it was among the companies affected by a recent data breach that provided unauthorized access to its Salesforce instance. The access was gained through a compromise of the third-party application Drift, which Salesloft owns.
The bug bounty platform announced the security incident, aligning with its company value of “Default to Disclosure.” According to the company, its security team was first notified of a potential compromise by Salesforce on Friday, August 22, 2025.
This was subsequently confirmed by Salesloft the following day, prompting HackerOne to activate its incident response protocols immediately.
The company is working in partnership with both Salesforce and Salesloft to investigate the full scope and impact of the breach. This incident is part of a broader attack campaign that has impacted hundreds of companies.
HackerOne Confirms Data Breach
As detailed in a report by Google’s Mandiant, threat actors targeted Salesforce customer records by exploiting a vulnerability within the Drift marketing and sales application.
By compromising Drift, attackers were able to pivot and gain unauthorized access to connected Salesforce environments, allowing for the theft of sensitive customer and sales data.
HackerOne’s confirmation places it on a growing list of firms responding to this supply chain attack. While the investigation remains ongoing, HackerOne stated that a subset of records within its Salesforce instance was accessed by the unauthorized parties.
However, the company expressed confidence that no customer vulnerability data was impacted or exposed during the incident.
This is attributed to the firm’s strict internal policies and controls, which govern data segmentation, effectively siloing sensitive vulnerability information away from the compromised sales and marketing data in the Salesforce environment.
HackerOne is continuing to conduct a forensic analysis on the specific records accessed to determine the exact nature of the exposed information.
The company has committed to communicating directly with any customers who are identified as being impacted by the breach.
This incident highlights the significant risks associated with third-party application integrations and the potential for supply chain attacks to bypass an organization’s direct security defenses.
The post HackerOne Confirms Data Breach – Hackers Gained Unauthorized Access To Salesforce Instance appeared first on Cyber Security News.
-
Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN have uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses. Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at
-
Sophos has resolved an authentication bypass vulnerability in its AP6 Series Wireless Access Points that could allow attackers to gain administrator-level privileges.
The company discovered the issue during internal security testing and has released a firmware update to address it.
The security vulnerability allows an attacker with network access to the access point’s management IP address to bypass authentication controls. A successful exploit grants the threat actor administrator privileges on the affected device.
This elevated access could be leveraged to control the access point, intercept or manipulate network traffic, disrupt wireless connectivity, or use the compromised device as a pivot point to launch further attacks within the network.
Sophos reported that the vulnerability was found by its own team, highlighting a proactive approach to product security.
The nature of the flaw, requiring access to the management interface, suggests that the primary risk is from attackers already on the local network.
Sophos Wireless Access Points Vulnerability
This vulnerability affects Sophos AP6 Series Wireless Access Points running firmware versions prior to 1.7.2563 (MR7). To address the issue, Sophos has included a fix in firmware version 1.7.2563 (MR7), which was released after August 11, 2025.
Administrators managing these devices are urged to verify that their access points are running this version or a later one to ensure they are protected.
Any organization using older firmware versions remains vulnerable and must upgrade to receive the security fix and shield their networks from potential exploitation.
For most customers, the remediation process is automatic. Sophos AP6 devices are configured by default to install updates automatically, meaning the patched firmware will be applied without requiring manual intervention.
This default policy ensures that the majority of users are protected seamlessly. However, customers who have intentionally opted out of automatic updates must take manual action.
These users are required to upgrade their AP6 Series firmware to version 1.7.2563 (MR7) or a more recent version to apply the patch.
Failing to update leaves the wireless access points exposed to this critical authentication bypass risk.
The post Sophos Wireless Access Points Vulnerability Let Attackers Bypass Authentication appeared first on Cyber Security News.