China-linked PlugX Variant and Bookworm Campaign Target Asian Telecoms and ASEAN Networks Summary of the campaign Security reporting highlights an ongoing campaign that is distributing a new variant of the PlugX backdoor (also known as Korplug or SOGU) while targeting telecommunications and manufacturing organizations across Central and South Asia, with impacts reported in ASEAN networks.…
Microsoft Tests AI Auto-Categorization for Photos on Windows 11 Overview Microsoft has begun testing a new AI-powered capability in the Microsoft Photos app that automatically organizes photos on Windows 11 devices. The feature, currently in testing, is intended to categorize images to make search and browsing faster and more intuitive. Microsoft’s announcement signals another major…
Trump Signs Order Approving US Investors to Restructure TikTok Operations over National Security Concerns Overview of the executive order U.S. President Donald Trump has signed an executive order approving a plan to restructure TikTok operations in the country to address national security concerns. The measure authorizes a change in the ownership and operational control of…
Critical Cisco ASA/FTD VPN Zero-Day Exploited in the Wild; CISA Issues Emergency Mitigation Summary of the incident Cisco has alerted customers to two security flaws affecting the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, noting active exploitation in the wild. One…
Salesforce Patches Critical “ForcedLeak” Flaw in Agentforce That Could Expose CRM Data via Indirect Prompt Injection What happened Cybersecurity researchers at Noma Security disclosed a critical vulnerability in Salesforce Agentforce — the vendor’s platform for building AI-driven agents — that could allow attackers to exfiltrate sensitive information from a connected Salesforce CRM instance by leveraging…
Recorded Future Names Chinese State-Sponsored Cluster “RedNovember” Using Pantegana and Cobalt Strike Background and context Security firm Recorded Future, which had been tracking an activity cluster under the tracking name TAG-100, has reclassified the cluster as a Chinese state-sponsored threat actor and given it the name RedNovember. The activity has been observed targeting government and…
Cisco issues urgent patch for actively exploited IOS and IOS XE zero-day Summary of the advisory Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is being actively exploited in the wild. Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco…
One Weak Password Ended a 158-Year-Old Logistics Firm The incident in brief KNP Logistics Group, a company with roots stretching back 158 years and formerly known as Knights of Old, has ceased operations after an incident tied to a single compromised or weak password. The business had built a substantial transport operation over its lifetime,…
BadIIS SEO-Poisoning Campaign Redirects Traffic and Installs Web Shells in Vietnam and Southeast Asia Summary of the discovery Cybersecurity researchers have identified an SEO poisoning campaign that uses malicious search-result manipulation to infect or redirect visitors and then deploy a malware family dubbed “BadIIS.” The activity, tracked by Palo Alto Networks Unit 42 as CL-UNK-1037…
Microsoft begins Windows 11 beta rollout of AI-powered Gaming Copilot Overview of the rollout Microsoft has started a staged beta rollout of Gaming Copilot to Windows 11 PCs. The company is making the beta available to users aged 18 or older, but the rollout explicitly excludes devices located in mainland China. Microsoft has begun rolling…