Cyber News & Articles

Cyber News & Articles

Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs 

In this episode of the “Smashing Security” podcast, Graham unravels Operation Endgame – the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram. And BBC cyber correspondent Joe Tidy joins us to talk about “Ctrl-Alt-Chaos”, his new book diving into the murky world of teenage hackers, ransomware gangs, and the strange motivations that lie behind digital mayhem.

read more
Cyber News & Articles

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery 

New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications.
Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse.
First disclosed by

read more
Cyber News & Articles

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC 

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.
It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the

read more
Cyber News & Articles

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure 

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions.
The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January

read more
Cyber News & Articles

Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games 

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah.
Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation “carried out by Iran and its proxies.”
“The actors

read more
Cyber News & Articles

Beware the Hidden Risk in Your Entra Environment 

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. 
A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. 
All the guest user needs are the permissions to create subscriptions in

read more
Cyber News & Articles

Cybercrime is surging across Africa 

A new INTERPOL report has sounded the alarm over a dramatic increase in cybercrime across Africa, with digital crime now accounting for a significant proportional of all criminal activity across the continent.

Read more in my article on the Hot for Security blog.

read more
Cyber News & Articles

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks 

Unknown threat actors have been distributing a trojanized version of SonicWall’s SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it.
“NetExtender enables remote users to securely connect and run applications on the company network,” SonicWall researcher Sravan Ganachari said. “Users can upload and download files, access network drives, and use

read more
Cyber News & Articles

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages 

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea.
According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript

read more
Cyber News & Articles

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options 

Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud.
The development comes ahead of the tech giant’s upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The

read more

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X