Oracle Fixes Critical Bug in Cloud Code Editor
The bug allowed an attacker an easy way to compromise full suite of developer tools in Oracle Cloud Infrastructure.
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February…
Fully Patched SonicWall Gear Under Likely Zero-Day Attack
A threat actor with likely links to the Abyss ransomware group is leveraging an apparent zero-day vulnerability to deploy the “Overstep” backdoor on fully up-to-date appliances.
Securing the Budget: Demonstrating Cybersecurity’s Return
By tying security investments to measurable outcomes — like reduced breach likelihood and financial impact — CISOs can align internal stakeholders and justify spending based on real-world risk.
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a group it tracks…
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access
Cybersecurity researchers have disclosed what they say is a “critical design flaw” in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. “The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely,” Semperis said in a report shared…
AI Agents Act Like Employees With Root Access—Here’s How to Regain Control
The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From Hype to High Stakes Generative AI has moved beyond the hype cycle. Enterprises are: Deploying…
Women Who ‘Hacked the Status Quo’ Aim to Inspire Cybersecurity Careers
A group of female cybersecurity pioneers will share what they’ve learned about navigating a field dominated by men, in order to help other women empower themselves and pursue successful cybersecurity careers.
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components. “Insufficient…