Waqas reports: TeleMessage SGNL, a made-in-Israel clone of the Signal app used by US government agencies and regulated businesses, has been found running with an outdated configuration that exposes sensitive internal data to the internet, no login required. The main cause of the problem is how some deployments of TeleMessage SGNL are using older versions…
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. “Attackers can take control of a malicious server and read/write arbitrary files of any connected client,” the CERT Coordination Center (CERT/CC) said in an…
Dan Cooper, Benjamin Haley, Deon Govender, Ahmed Mokdad, and Mosa Mkhize of Covington and Burling write: On April 7, 2025, South Africa’s Information Regulator announced a new requirement for organizations to report data breaches—referred to under local law as “security compromises”—via an online eServices Portal. The announcement marks a significant procedural shift in how companies must comply with…
Habib Mohammadi reports: A group of unidentified hackers has breached the Taliban’s databases, leaking documents from 21 ministries and government agencies, some of which appear to be classified, according to reports circulating online. The leaked files reportedly include documents from the Taliban-controlled ministries of finance, justice, foreign affairs, information and culture, telecommunications, and mining, as…
Salesforce has warned of detected “unusual activity” related to Gainsight-published applications connected to the platform. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” the company said in an advisory. The cloud services firm said it has taken the step of revoking all active access…
Matt Kapko reports that a Canadian national has consented to be extradited to the United States to face federal charges that could send him away for a long, long time: A Canadian citizen is one step closer to standing trial in the United States for his alleged involvement in a series of attacks targeting as…
Cisco has released patches for three vulnerabilities, including a critical privilege escalation bug and a DoS flaw for which exploit code exists. The post Cisco Patches Critical Vulnerability in Meeting Management appeared first on SecurityWeek.
