Critical Cisco ASA/FTD VPN Zero-Day Exploited in the Wild; CISA Issues Emergency Mitigation Summary of the incident Cisco has alerted customers to two security flaws affecting the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, noting active exploitation in the wild. One…
Salesforce Patches Critical “ForcedLeak” Flaw in Agentforce That Could Expose CRM Data via Indirect Prompt Injection What happened Cybersecurity researchers at Noma Security disclosed a critical vulnerability in Salesforce Agentforce — the vendor’s platform for building AI-driven agents — that could allow attackers to exfiltrate sensitive information from a connected Salesforce CRM instance by leveraging…
Recorded Future Names Chinese State-Sponsored Cluster “RedNovember” Using Pantegana and Cobalt Strike Background and context Security firm Recorded Future, which had been tracking an activity cluster under the tracking name TAG-100, has reclassified the cluster as a Chinese state-sponsored threat actor and given it the name RedNovember. The activity has been observed targeting government and…
Cisco issues urgent patch for actively exploited IOS and IOS XE zero-day Summary of the advisory Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is being actively exploited in the wild. Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco…
One Weak Password Ended a 158-Year-Old Logistics Firm The incident in brief KNP Logistics Group, a company with roots stretching back 158 years and formerly known as Knights of Old, has ceased operations after an incident tied to a single compromised or weak password. The business had built a substantial transport operation over its lifetime,…
BadIIS SEO-Poisoning Campaign Redirects Traffic and Installs Web Shells in Vietnam and Southeast Asia Summary of the discovery Cybersecurity researchers have identified an SEO poisoning campaign that uses malicious search-result manipulation to infect or redirect visitors and then deploy a malware family dubbed “BadIIS.” The activity, tracked by Palo Alto Networks Unit 42 as CL-UNK-1037…
Microsoft begins Windows 11 beta rollout of AI-powered Gaming Copilot Overview of the rollout Microsoft has started a staged beta rollout of Gaming Copilot to Windows 11 PCs. The company is making the beta available to users aged 18 or older, but the rollout explicitly excludes devices located in mainland China. Microsoft has begun rolling…
Microsoft Begins Beta Rollout of Gaming Copilot for Windows 11 PCs Overview of the rollout Microsoft has started a beta rollout of Gaming Copilot to Windows 11 systems. The initial deployment is limited to users who are 18 years or older and excludes availability in mainland China. Microsoft’s announcement positions the release as an expansion…
UNC1549 Campaign Compromises 34 Devices at 11 European Telecom Firms Using LinkedIn Job Lures and MINIBIKE Malware Summary Security researchers have attributed a recent espionage campaign targeting European telecommunications companies to the cluster known as UNC1549. According to reporting by thehackernews.com and tracking by Swiss cybersecurity firm PRODAFT, the actor (tracked by PRODAFT as “Subtle…
Automating Alert Triage with AI Agents and Confluence SOPs Using Tines Summary of the workflow The workflow highlighted by Tines automates security alert triage by using AI-driven agents to identify the correct Standard Operating Procedures (SOPs) documented in Confluence, and then executing the appropriate response steps through the platform. The underlying Tines library — maintained…