Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points High-Severity Vulnerability: A critical security flaw (CVE-2025-59363) in One Identity OneLogin’s IAM solution exposes sensitive OpenID Connect client secrets and carries a CVSS score of 7.7. Exploitation Method: Attackers with valid API credentials can retrieve client secrets by accessing the misconfigured /api/2/apps endpoint, risking unauthorized data access and impersonation of applications. Widespread Risk: The flaw enables lateral movement within the OneLogin platform due to broad API access and lack of IP allowlisting, making it exploitable from anywhere globally. Mitigation and Awareness: OneLogin addressed the vulnerability in version 2025.3.0 by concealing OIDC client secrets, highlighting the critical need for robust API security in identity…

Essential Insights Orphaned secrets—API keys, tokens, and credentials left active after they’re no longer needed—pose significant security risks, including unauthorized access, privilege escalation, and lateral movement within systems. Common causes include rapid development cycles, team turnover, and system evolution, which leave secrets scattered across multiple locations and make them difficult to track and manage. Automated tools, central management platforms, and integrating secret lifecycle processes into CI/CD pipelines are essential for identifying, rotating, and securely managing secrets. Centralized secret management, with features like automatic rotation, access controls, and audit logs, is vital for preventing orphaned secrets, maintaining security, and ensuring operational efficiency.…

Fast Facts A Chinese-linked hacking group, ‘Phantom Taurus,’ has been conducting covert espionage against government and telecommunications organizations worldwide for over two years, utilizing shared infrastructure but distinct TTPs. It employs unique malware families like Specter, Net-Star, and Ntospy, alongside traditional Chinese hacking tools, to target high-value organizations in Africa, the Middle East, and Asia, especially email servers and databases. Since 2025, Phantom Taurus has used advanced .NET malware, including the IIServerCore backdoor and AssemblyExecuter loaders, capable of in-memory operations and evasion of security measures. The group focuses on diplomatic and defense intelligence, timing attacks with major global events, reflecting…

Quick Takeaways The expiration of the 2015 Cybersecurity Information Sharing Act (CISA) has raised concerns about decreased cybersecurity collaboration between the government and private sector, leaving networks vulnerable to threats. CISA 2015 provided crucial protections that encouraged companies to share threat information, which has been vital for tracking and responding to cyberattacks over the past decade. Failure to renew the act was primarily due to conflict over new restrictions proposed by Senate Homeland Security Committee Chair Rand Paul regarding misinformation, despite widespread bipartisan support for reauthorization. Industry leaders warn that without the law’s protections, information-sharing practices may decline, resulting in…

Top Highlights Broadcom released security patches for two high-severity VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252), reported by the NSA, that allow unauthenticated username enumeration and brute-force attacks. An additional fix was issued for a VMware vCenter SMTP header injection flaw (CVE-2025-41250), which could enable attackers with limited privileges to manipulate email notifications. Broader vulnerabilities across VMware products, including Aria Operations and Tools, have been identified, with exploits capable of privilege escalation, credential theft, and VM access, highlighting persistent targeted threats. VMware vulnerabilities remain a significant focus for malicious actors, with recent exploits linked to state-sponsored hacking, such as Chinese hackers…

Essential Insights DDoS attacks account for 77% of reported cyber incidents according to the ENISA report, predominantly caused by hacktivists and causing limited damage through temporary server outages. Between July 2024 and June 2025, 4,875 incidents were analyzed, with increasing digitalization making the weaknesses in supply chains evident. Public administration in the EU is the most frequent target of cyberattacks (38.2%), especially diplomatic and state institutions. The attacks on government institutions are part of hacktivism and state-sponsored cyber espionage, putting critical infrastructure at risk. Problem Explained According to the ENISA report covering July 2024 to June 2025, a staggering 77% of reported cybersecurity incidents were DDoS (Distributed Denial of Service)…

Quick Takeaways Cybersecurity Awareness Month emphasizes the critical role of protecting government, small, and medium-sized businesses in safeguarding national infrastructure, especially amid recent high-profile attacks. Identity remains the most exploited attack vector, with over 70% of breaches involving credential misuse, as attackers increasingly target valid logins through phishing and credential theft. Effective cybersecurity defense must focus on integrated tools that disrupt attack chains at every stage, prioritizing proactive identity security measures like least privilege access and continuous behavior monitoring. To combat evolving threats, organizations must elevate identity security to a board-level priority, adopting advanced, resilient authentication, automating lifecycle management, and…

Quick Takeaways A critical zero-day flaw (CVE-2025-20333) in Cisco firewalls, with a CVSS score of 9.9, is actively exploited in the wild, allowing remote code execution and full device control through VPN web server vulnerabilities. Over 48,800 unpatched IP addresses, mainly in the U.S., have been identified, highlighting widespread exposure and risk among organizations relying on affected Cisco firewalls. The vulnerability stems from improper validation of HTTP(S) requests and requires authenticated access via compromised credentials; successful exploitation can lead to persistent backdoors and data interception. Cisco has issued urgent patches for both CVE-2025-20333 and a secondary CVE-2025-20362 flaw, which enables unauthenticated access;…

Fast Facts Western Digital released firmware 5.31.108 to fix a critical remote OS command injection vulnerability (CVE-2025-30247) affecting multiple My Cloud NAS models. The flaw allows remote attackers to execute arbitrary commands via specially crafted HTTP POST requests, risking unauthorized data access, modifications, or system compromise. Affected devices include various My Cloud models, with some reaching end of support, for which patches may not be available; users are advised to update immediately or disconnect devices. Users should verify their firmware version, enable automatic updates, or manually update by downloading the latest firmware, ensuring the process is completed with the device…

Summary Points Asahi Group Holdings suspended operations in Japan due to a cyberattack, with no current evidence of data leakage, but ongoing investigations and system restoration efforts are in place. Japan’s new Active Cyber Defense Law enhances government authority to intercept foreign internet traffic and requires critical infrastructure to report cybersecurity incidents, aiming to improve national cyber resilience. Rising cyber threats have caused disruptions across industries, exemplified by Jaguar Land Rover’s extended production halts and Bridgestone’s investigation into recent cyberattacks on North American facilities. Industrial control systems (ICS/OT) exposure is increasing globally, with over 180,000 devices visible monthly in 2024,…
