News

Sophos Firewall v21.5: Streamlined management

Bys s May 21, 2025

How to make the most of the new features in Sophos Firewall v21.5.

News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Bys s March 26, 2026

Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared…

Read More Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
News

New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
Bys s March 10, 2026

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims’ databases and exfiltrate sensitive data within organizations’ Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in

Read More New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
News

GitHub is starting to have a real malware problem
Bys s March 23, 2026

Catalin Cimpanu reports: GitHub is slowly becoming a very dangerous website as more and more threat actors are starting to use it to host and distribute malware disguised as legitimate software repositories. What started as an infrequent sighting in early 2024 is now at the center of an increasing number of infosec and malware reports. The tactic……

Read More GitHub is starting to have a real malware problem
News

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Bys s June 12, 2025

Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts. The activity, codenamed UNK_SneakyStrike by Proofpoint, has affected over 80,000 targeted user accounts across hundreds of organizations’ cloud tenants since a

Read More Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
News

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
Bys s July 16, 2025

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign “decoy” app that’s hosted on the Google Play…

Read More New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
News

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Bys s November 22, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated

Read More CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

Similar Posts