Experimental News Clipping Site

Tag: attacker

  • Slashdot: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach

    by

    Kurt Seifried
    in

    Source URL: https://yro.slashdot.org/story/25/10/08/208202/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach Feedly Summary: AI Summary and Description: Yes Summary: Salesforce is facing an extortion demand from a crime syndicate that claims to have stolen approximately 1 billion records from various customers, highlighting vulnerabilities in user compliance and security…

  • Cisco Talos Blog: Too salty to handle: Exposing cases of CSS abuse for hidden text salting

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/ Source: Cisco Talos Blog Title: Too salty to handle: Exposing cases of CSS abuse for hidden text salting Feedly Summary: A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered…

  • Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…

  • Slashdot: Are Software Registries Inherently Insecure?

    by

    Kurt Seifried
    in

    Source URL: https://developers.slashdot.org/story/25/10/05/2318202/are-software-registries-inherently-insecure?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Are Software Registries Inherently Insecure? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the persistent issues related to software supply chain attacks, emphasizing weaknesses in the design of software registries like npm, PyPI, and Docker Hub. It highlights how inadequate safeguards allowed for multiple registry breaches…

  • The Register: Red Hat fesses up to GitLab breach after attackers brag of data theft

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/10/03/red_hat_gitlab_breach/ Source: The Register Title: Red Hat fesses up to GitLab breach after attackers brag of data theft Feedly Summary: Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched What started as cyber crew bragging has now been confirmed by Red Hat: someone gained access to its…