security breaches – Experimental News Clipping Site

The Register: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried

Oct 6, 2025

—

by

Source URL: https://www.theregister.com/2025/10/06/microsoft_blames_medusa_ransomware_affiliates/ Source: The Register Title: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried Feedly Summary: You can’t find anything bad if you don’t look, right? Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra’s GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence.……

The Register: Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/10/06/perfect_10_redis_rce_lurking/ Source: The Register Title: Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution Feedly Summary: No evidence of exploitation … yet A 13-year-old critical flaw in Redis servers, rated a perfect 10 out of 10 in severity, can let an authenticated user trigger remote code execution.……

The Register: Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files

Oct 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/10/02/cybercrims_claim_raid_on_28000/ Source: The Register Title: Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files Feedly Summary: 570GB of data claimed to be stolen by the Crimson Collective A hacking crew claims to have broken into Red Hat’s private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive…

The Register: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales

Sep 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/26/salesforce_agentforce_forceleak_attack/ Source: The Register Title: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales Feedly Summary: More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers…

Slashdot: Neon Goes Dark After Exposing Users’ Phone Numbers, Call Recordings, Transcripts

Sep 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://yro.slashdot.org/story/25/09/25/221215/neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-transcripts?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Neon Goes Dark After Exposing Users’ Phone Numbers, Call Recordings, Transcripts Feedly Summary: AI Summary and Description: Yes Summary: The emergence of the Neon app, which enabled users to monetize their phone call recordings while simultaneously offering data to AI companies, has raised significant security concerns following a critical…

The Register: EV charging biz zaps customers with data leak scare

Sep 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/23/dcs_data_breach/ Source: The Register Title: EV charging biz zaps customers with data leak scare Feedly Summary: Names, emails unplugged in DCS support snafu – but ‘billing is safe’ An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security “incident" at a service provider.… AI…

Unit 42: The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/code-assistant-llms/ Source: Unit 42 Title: The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception Feedly Summary: We examine security weaknesses in LLM code assistants. Issues like indirect prompt injection and model misuse are prevalent across platforms. The post The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception appeared first…

The Register: Careless engineer stored recovery codes in plaintext, got whole org pwned

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/15/ransomware_recovery_codes_plaintext/ Source: The Register Title: Careless engineer stored recovery codes in plaintext, got whole org pwned Feedly Summary: Cautionary tale from the recent SonicWall attacks Failing to encrypt sensitive data leaves you wide open to attack. During the recent SonicWall attack spree, intruders bypassed multi-factor authentication (MFA) in at least one case, because…

Unit 42: Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain

Sep 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/third-party-supply-chain-token-management/ Source: Unit 42 Title: Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain Feedly Summary: Effective OAuth token management is crucial for supply chain security, preventing breaches caused by dormant integrations, insecure storage or lack of rotation. The post Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain…

Slashdot: Jaguar Land Rover Extends Shutdown After Cyber Attack

Sep 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/09/08/2044243/jaguar-land-rover-extends-shutdown-after-cyber-attack Source: Slashdot Title: Jaguar Land Rover Extends Shutdown After Cyber Attack Feedly Summary: AI Summary and Description: Yes Summary: Jaguar Land Rover has faced a significant cyberattack that led to the shutdown of its factories both in the UK and internationally. This incident underscores the vulnerabilities that organizations, especially in manufacturing, face…

Tag: security breaches