Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Scammers Exploit Grok, US Manufacturing Faces Threats, Gmail Security Claims Debunked
Fast Facts US manufacturing companies are targeted by sophisticated campaigns like ZipLine, involving fake domains and malware delivery. The US Department of Defense is auditing code from Chinese engineers employed by Microsoft after concerns over data security, leading to termination of the program. Recent cybersecurity incidents include a 260,000-person data breach at Vital Imaging, Baltimore losing $1.5 million to a scam, and Qantas executives losing A$800,000 due to a data breach. Regulatory actions and scams include Google being fined €325 million for GDPR violations, scammers abusing AI chatbot Grok, and ongoing investigations into cyberattacks on Bridgestone and Iranian ships. Underlying…
Essential Insights Market Stagnation: The cyber insurance market is experiencing slowed organic growth and declining rates for the third consecutive year due to increased competition and excess supply surpassing demand. Concerns Over Sustainability: Insurers are worried about systemic loss events and data privacy liabilities, prompting questions about the sustainability of further premium cuts. Growth Forecasts Adjusted: Projections indicate that cyber insurance premiums may reach $15.6 billion in 2025, but growth estimates have been revised downward from 6% to 5% due to evolving market conditions. Need for Market Expansion: For sustainable growth, the industry must tap into new customer segments, particularly…
Top Highlights Wealthsimple disclosed a data breach affecting less than 1% of its clients, where attackers accessed personal and financial data but did not steal funds or compromise passwords. The breach was linked to a compromised third-party software package and is believed to be part of a broader Salesloft supply-chain attack associated with the ShinyHunters group. ShinyHunters has previously targeted high-profile companies via Salesforce vulnerabilities, now shifting to using stolen OAuth tokens to access Salesforce and associated cloud services. Wealthsimple is offering affected customers two years of free credit and identity theft protection, advising them to enable two-factor authentication and…
Summary Points Pentera has integrated Cl0p ransomware tests into its platform, enabling safe validation of defenses against this active and destructive ransomware group across Windows and Linux systems. Cl0p is one of the most prolific ransomware gangs, responsible for 19% of global attacks in Q1, mainly targeting North American victims with zero-day vulnerabilities. The platform allows organizations to simulate real Cl0p attack tactics, assess their prevention, detection, and response capabilities, and identify security gaps proactively. Pentera’s RansomwareReady now provides comprehensive coverage of the ransomware kill chain with actionable remediation guidance, enhancing organizations’ preparedness against evolving threats. Underlying Problem Pentera, a…
Essential Insights A critical SAP S/4HANA vulnerability (CVE-2025-42957) allows low-privilege users to inject arbitrary code, leading to full system compromise, with a CVSS score of 9.9, fixed on August 11, 2025. Despite the fix, unpatched systems are actively exploited by hackers, exploiting reverse-engineered patches, making exploitation relatively straightforward for skilled threat actors. The exploitation can result in severe consequences, including data theft, privilege escalation, malware deployment, and operational disruption. SAP administrators are urged to apply the August 2025 security updates immediately to mitigate active threats, as the vulnerability is already being weaponized in malicious campaigns. What’s the Problem? Researchers have…
Summary Points A critical vulnerability in SAP S/4HANA (CVE-2025-42957, CVSS 9.9) allows attackers with low privileges to inject arbitrary code, risking full system compromise. The flaw enables attackers to bypass security controls, modify databases, create superusers, and download password hashes, threatening data integrity and confidentiality. Active exploitation has been observed, affecting both on-premises and Private Cloud deployments, with threat actors able to achieve full system takeover easily. Organizations should urgently patch, monitor logs, restrict RFC access, and implement security measures like SAP UCON to prevent exploitation and data breaches. Key Challenge A severe security flaw has been identified in SAP S/4HANA,…
Fast Facts Zero-Day Vulnerability: Google researchers identified a zero-day vulnerability (CVE-2025-53690) in the Sitecore CMS related to a ViewState deserialization attack, enabling remote code execution. Exposed Security Keys: Attackers exploited insecure ASP.NET machine keys, previously disclosed in Sitecore documentation from 2017, to gain unauthorized access. Urgent User Action Needed: Sitecore has urged all users to apply security patches immediately and verify their systems for potential breaches due to this vulnerability. CISA Inclusion: The Cybersecurity and Infrastructure Security Agency has added this CVE to its Known Exploited Vulnerabilities catalog, highlighting its critical nature. Serious Threats from Zero-Day Vulnerability Security researchers recently…
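Why a machine key copied from public documentation defeats ViewState protection, as an added Python example (not code from the page, from Sitecore, Google or Microsoft). It is a reduced model: the state is a JSON dict, the tag is HMAC-SHA256 over a page-path modifier plus the serialized state, and the "documented" key is a hypothetical placeholder value. Real ASP.NET uses its own serializer and a per-purpose derived key, but the trust argument is identical: whoever holds the validation key can mint a ViewState that the server will deserialize.

```python
"""Added example: ViewState-style MAC protection with a leaked validation key.

Assumptions (not from the page): JSON state, HMAC-SHA256 tag appended to the
payload, page path used as the HMAC modifier, placeholder key values.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def generate_key() -> bytes:
    """Per-deployment validation key: random, never copied from docs or samples."""
    return secrets.token_bytes(64)


def sign_state(key: bytes, modifier: str, state: Dict) -> str:
    """Serialize state and append an HMAC bound to both the key and the page modifier."""
    payload = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, modifier.encode() + payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode()


def load_state(key: bytes, modifier: str, token: str) -> Optional[Dict]:
    """Return the state only if the tag verifies; the payload is never parsed first."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, modifier.encode() + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)


def scenario() -> Dict[str, bool]:
    """Walk through the attack and the fix; every value should come out True."""
    modifier = "/default.aspx"  # assumed page-path modifier
    # Constructed: the server runs with a key lifted from a published sample config.
    documented_key = bytes.fromhex("00" * 64)  # hypothetical placeholder, not a real key
    server_key = documented_key

    legit = sign_state(server_key, modifier, {"role": "reader"})
    # In the real attack the payload is a deserialization gadget chain, not a role flag.
    evil = {"role": "admin", "cmd": "<gadget chain>"}
    forged_blind = sign_state(secrets.token_bytes(64), modifier, evil)  # attacker guesses a key
    forged_with_key = sign_state(documented_key, modifier, evil)        # attacker read the docs

    raw = base64.b64decode(legit)
    tampered = base64.b64encode(raw[:-TAG_LEN].replace(b"reader", b"admin!") + raw[-TAG_LEN:]).decode()

    rotated_key = generate_key()  # the fix: rotate to a fresh, unpublished key
    return {
        "legit_accepted": load_state(server_key, modifier, legit) is not None,
        "tamper_rejected": load_state(server_key, modifier, tampered) is None,
        "wrong_page_rejected": load_state(server_key, "/other.aspx", legit) is None,
        "forged_without_key_rejected": load_state(server_key, modifier, forged_blind) is None,
        # This is the vulnerability: a public key makes the MAC worthless.
        "forged_with_documented_key_accepted": load_state(server_key, modifier, forged_with_key) is not None,
        "forged_rejected_after_rotation": load_state(rotated_key, modifier, forged_with_key) is None,
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {ok}")
```

The practical takeaways follow directly from the last two results: patching the CMS does not help while the exposed key stays in `web.config`, so key rotation is part of remediation, and any ViewState that verified under the old key before rotation should be treated as potentially attacker-minted when reviewing logs for compromise.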
Summary Points CISA issued an urgent alert for CVE-2025-48543, a high-severity zero-day vulnerability in Android that is actively exploited in real-world attacks. The flaw is a use-after-free bug in Android Runtime (ART) allowing attackers to bypass security and escalate privileges, potentially leading to system-wide compromise. Active exploitation has been observed before a patch was released, prompting CISA to require federal agencies to apply updates by September 25, 2025, or cease using affected devices. Google addressed the vulnerability in September 2025, and users are strongly advised to install official updates immediately to prevent exploitation. The Core Issue The Cybersecurity and Infrastructure…
Essential Insights Attackers can bypass security tools by reading sensitive files directly from raw disk sectors, avoiding file access controls and logs. The method involves exploiting low-level Windows drivers to request raw disk data, reconstructing files such as those holding password hashes without ever opening them through the filesystem. This stealthy technique is effective even against advanced defenses like VBS, especially on systems with compromised or vulnerable drivers. Mitigation strategies include full disk encryption, restricting admin privileges, monitoring raw disk access, and vetting drivers to strengthen defenses. What’s the Problem? A recent report by Workday’s Offensive Security team uncovered a sophisticated hacking technique that allows cybercriminals…
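What "monitoring raw disk access" and "vetting drivers" look like as detection logic, as an added Python example (not code from the page or from Workday's team). It triages Sysmon-style records: Event ID 9 (RawAccessRead, a process reading a volume through the `\\.\` device path) and Event ID 6 (DriverLoad). The log lines, image paths, the `svchost.exe` allowlist entry and the blocked driver hash are all constructed for illustration and must be tuned per estate.

```python
"""Added example: flag raw-disk reads and suspicious driver loads in Sysmon-like logs.

Assumptions (not from the page): records are one JSON object per line with the
documented Sysmon EID 9 and EID 6 field names; allowlists and hashes are constructed.
"""
import json
from typing import Dict, List

# Constructed sample records (not real telemetry).
SAMPLE_LOG = r"""
{"EventID": 9, "UtcTime": "2025-09-08 10:01:12.001", "ProcessId": 1204, "Image": "C:\\Windows\\System32\\svchost.exe", "Device": "\\Device\\HarddiskVolume2"}
{"EventID": 6, "UtcTime": "2025-09-08 10:02:05.777", "ImageLoaded": "C:\\Windows\\Temp\\rwdrv.sys", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000", "Signed": "true", "Signature": "Example Vendor Ltd", "SignatureStatus": "Valid"}
{"EventID": 9, "UtcTime": "2025-09-08 10:02:40.118", "ProcessId": 5320, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\diskread.exe", "Device": "\\Device\\HarddiskVolume2"}
{"EventID": 9, "UtcTime": "2025-09-08 10:02:41.302", "ProcessId": 5320, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\diskread.exe", "Device": "\\Device\\HarddiskVolume2"}
{"EventID": 6, "UtcTime": "2025-09-08 09:55:00.000", "ImageLoaded": "C:\\Windows\\System32\\drivers\\volsnap.sys", "Hashes": "SHA256=1111111111111111111111111111111111111111111111111111111111111111", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
"""

# Assumed baseline: images legitimately expected to read volumes raw (VSS, defrag, backup agents).
RAW_READ_ALLOWLIST = {r"C:\Windows\System32\svchost.exe"}
# A valid signature is not enough: BYOVD abuses validly signed drivers, so pair a signer
# allowlist with a hash blocklist. The hash below is a constructed stand-in.
TRUSTED_DRIVER_SIGNERS = {"Microsoft Windows", "Microsoft Windows Hardware Compatibility Publisher"}
BLOCKED_DRIVER_HASHES = {"SHA256=" + "0" * 64}


def parse_log(text: str) -> List[Dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_user_writable(path: str) -> bool:
    """Heuristic: binaries or drivers staged under user-writable locations rate higher."""
    p = path.lower()
    return any(marker in p for marker in ("\\users\\", "\\temp\\", "\\programdata\\"))


def triage(events: List[Dict]) -> List[Dict]:
    alerts: List[Dict] = []
    raw_reads: Dict[tuple, List[Dict]] = {}
    for ev in events:
        if ev.get("EventID") == 9:
            raw_reads.setdefault((ev["ProcessId"], ev["Image"]), []).append(ev)
        elif ev.get("EventID") == 6:
            sha256 = next((h for h in ev.get("Hashes", "").split(",") if h.startswith("SHA256=")), "")
            reasons = []
            if ev.get("SignatureStatus") != "Valid" or ev.get("Signature") not in TRUSTED_DRIVER_SIGNERS:
                reasons.append("untrusted-signer")
            if sha256 in BLOCKED_DRIVER_HASHES:
                reasons.append("blocked-hash")
            if is_user_writable(ev["ImageLoaded"]):
                reasons.append("user-writable-path")
            if reasons:
                alerts.append({"rule": "driver-load", "severity": "high", "image": ev["ImageLoaded"],
                               "reasons": reasons, "time": ev["UtcTime"]})
    # Raw reads are aggregated per process: repeated sector reads look like file carving.
    for (pid, image), evs in raw_reads.items():
        if image in RAW_READ_ALLOWLIST:
            continue
        severity = "high" if is_user_writable(image) or len(evs) > 1 else "medium"
        alerts.append({"rule": "raw-disk-read", "severity": severity, "image": image, "pid": pid,
                       "count": len(evs), "devices": sorted({e["Device"] for e in evs}),
                       "first_seen": min(e["UtcTime"] for e in evs)})
    return alerts


ALERTS = triage(parse_log(SAMPLE_LOG))

if __name__ == "__main__":
    for a in ALERTS:
        print(json.dumps(a))
```

One caveat a practitioner should keep in mind: Event ID 9 only sees reads issued through the `\\.\` device path. A malicious or vulnerable driver that talks to the disk stack itself will not generate that event, which is why the driver-load rule carries the real weight on systems where that is the attacker's route, and why the page's other mitigations (full-disk encryption, fewer admins) still matter when telemetry is blind.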
Top Highlights New Cybercriminal Technique: Researchers have identified a method called "Grokking," where criminals exploit X’s AI assistant, Grok, to bypass malvertising protections and spread malicious links. Exploitation of Metadata: Malvertisers use video posts with adult content as bait, hiding harmful links in the "From:" metadata, which is not scanned by the platform. AI Amplification: By tagging Grok in posts with questions, fraudsters ensure the AI displays the malicious link, amplifying its reach to millions, thereby enhancing its SEO and domain reputation. Organized Malicious Activity: Guardio Labs has discovered numerous accounts engaging in this technique in an organized manner, flooding…