SaaS Breaches Start with Tokens – What Security Teams Must Watch
SaaS Breaches Start with Tokens – What Security Teams Must Watch
Summary: Token theft — OAuth access tokens, API keys and session tokens — has emerged as a primary vector…
From Phishing to Malware: AI Becomes Russia’s New Cyber Weapon in War on Ukraine
Summary: The State Service for Special Communications and Information Protection (SSSCIP) reports a clear uptick in…
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
Summary: A critical authentication-bypass vulnerability (CVE-2025-5947, CVSS 9.8) in the Service Finder Bookings plugin—bundled with the Service Finder WordPress…
Tech industry association sues to block Texas ‘censorship’ law age-gating access to apps
Summary: The Computer & Communications Industry Association (CCIA) has filed suit against Texas to block the Texas…
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Summary: Cybersecurity firm Huntress has reported a widespread compromise of SonicWall SSL VPN devices that allowed threat actors to…
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Summary: Threat actors associated with Storm-2603 (aka CL-CRI-1040 / Gold Salem) have been observed weaponising Velociraptor — an open-source…
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Summary: Fortra disclosed the results of its investigation into CVE-2025-10035, a critical deserialization vulnerability in the GoAnywhere Managed File…
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Summary: Security researchers (Socket) have uncovered 175 malicious npm packages that together have been downloaded about 26,000 times…
CL0P-Linked Hackers Breach Dozens of Organisations Through Oracle Software Flaw
Summary: Google’s Threat Intelligence Group (GTIG) and Mandiant report that dozens of organisations were likely impacted by a coordinated exploitation…
New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps
Summary: Security researchers have uncovered a rapidly evolving Android spyware campaign dubbed “ClayRat” that targets users (notably in…