Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points
Cybercriminals are exploiting trusted AI platforms like Simplified AI for sophisticated phishing attacks aimed at stealing credentials, bypassing traditional security measures.
The 2025 campaign involved impersonation emails, password-protected PDFs, and fake Microsoft 365 login portals, leveraging social engineering and technical evasion tactics.
The use of reputable AI platforms complicates detection, as threat actors capitalize on widespread enterprise trust and AI tool adoption without sufficient security oversight.
Security experts recommend implementing multi-factor authentication, employee training, monitoring AI platform use, and advanced threat detection to mitigate such AI-based cyber threats.
Problem Explained
According to a recent report by cybersecurity firm…


Top Highlights
A critical SAP S/4HANA vulnerability (CVE-2025-42957), patched in August, is actively exploited, allowing attackers with low privileges to take full control of systems.
Exploitation enables data manipulation, creation of privileged users, password theft, business process modification, and potential system compromise leading to fraud or ransomware deployment.
SecurityBridge has observed malicious activity in customer environments but has not disclosed specific attack details; the exploit is considered relatively simple for skilled attackers.
Organizations should monitor for signs like suspicious RFC calls, new admin accounts, or unexpected code changes to detect potential exploitation.
Key Challenge
Recently, a critical vulnerability in SAP…


Quick Takeaways
In August 2025, over 25,000 IP addresses conducted coordinated, large-scale reconnaissance scans targeting Cisco ASA devices, marking a significant escalation from normal activity.
The surge was primarily driven by a Brazilian botnet, with over 80% of the 17,000 active IPs involved on August 26, focusing on probing specific Cisco vulnerabilities, especially the login path /+CSCOE+/logon.html.
Scanning activity showed geographic patterns, predominantly originating from Brazil, Argentina, and the U.S., with most attacks aimed at U.S. networks, indicating a targeted and organized campaign.
The scale and timing of the activity suggest threat actors may be preparing for a zero-day exploit,…


Essential Insights
Bridgestone is investigating a cyberattack that affected some of its North American manufacturing facilities, with early containment reportedly preventing data theft and extensive network infiltration.
The attack impacted facilities in South Carolina and Quebec, prompting rapid response efforts and ongoing forensic analysis by Bridgestone.
The company has not confirmed if the incident was ransomware but emphasizes prioritizing business continuity and supply chain stability, with no customer data believed to have been compromised.
Bridgestone previously suffered a ransomware attack in 2022 involving LockBit, which resulted in sensitive data leaks, highlighting ongoing cybersecurity risks.
The Issue
Bridgestone Americas, the North…


Essential Insights
A new hacking group, "GhostRedirector," has compromised at least 65 Windows servers worldwide, deploying custom malware to manipulate search engine results for financial gain, mainly benefiting gambling sites in Portuguese-speaking regions.
The group uses a malicious IIS module, "Gamshen," which intercepts requests from Googlebot to inject manipulated data, creating fake backlinks and boosting target sites' rankings through SEO fraud-as-a-service.
The attack chain involves exploiting SQL injection vulnerabilities, downloading malware via PowerShell or CertUtil, and escalating privileges with exploits like "EfsPotato," establishing persistent remote access with custom tools such as "Zunput" and rogue administrator accounts.
The campaign, likely…


Essential Insights
Chess.com experienced a data breach in June 2025 due to unauthorized access to a third-party file transfer app, impacting approximately 4,500 of its over 100 million users.
The breach was confined to the third-party application, with no effect on Chess.com's core infrastructure or member accounts, although sensitive personally identifiable information (PII) may have been accessed.
The platform responded by launching an investigation, notifying law enforcement, enhancing security measures, and offering impacted users 1-2 years of free identity theft and credit monitoring services.
Chess.com previously faced a 2023 incident involving the scraping and posting of over 800,000 user records—highlighting…


Essential Insights
Cybersecurity researchers uncovered GhostRedirector, a threat cluster targeting at least 65 Windows servers globally, mainly in Brazil, Thailand, and Vietnam, using a passive backdoor called Rungan and an IIS module named Gamshen for SEO fraud.
The attack involves exploiting vulnerabilities like SQL injection, then deploying tools such as PowerShell, Rungan, and Gamshen to manipulate search engine rankings, boost websites, and maintain long-term access.
GhostRedirector, believed to be China-aligned, uses shady SEO techniques, including creating artificial backlinks to promote gambling sites, with additional tools for privilege escalation and web shell deployment.
This campaign showcases resilience through deploying multiple remote…


Fast Facts
An attacker exploited a zero-day (CVE-2025-53690) in Sitecore by using publicly documented, misconfigured ASP.NET machine keys, enabling remote code execution.
The vulnerability affects Sitecore Experience Platform 9.0 and earlier, especially when deployed in multi-instance mode with static, customer-managed keys.
The attack involved deploying malware via ViewState deserialization, exploiting the absence or exposure of validation keys, allowing privilege escalation and data theft.
Experts recommend rotating machine keys if known ones were used, but emphasize that ongoing threats remain if attackers already infiltrated systems, highlighting procedural security failures.
Problem Explained
A recent cybersecurity incident revealed a significant vulnerability stemming from…


Quick Takeaways
Drift Software Compromise: Salesloft is temporarily disabling Drift due to a supply chain attack that has led to the theft of authentication tokens affecting multiple companies.
Incident Investigation: The company is collaborating with cybersecurity firms Mandiant and Coalition to enhance security and assess the impact on customer data.
Widespread Impact: The attack, attributed to threat cluster UNC6395, has potentially affected over 700 organizations, with integrations between Drift and various platforms at risk.
Precautionary Measures: Salesforce has disabled all Salesloft integrations to mitigate risks, raising concerns about future targeted attacks on affected organizations.
Salesloft Takes Drift Offline Amid OAuth…


Quick Takeaways
Cyberattack Confirmed: Bridgestone Americas is facing a cyberattack impacting manufacturing operations, particularly a plant in Joliette, Quebec.
Operations Normal: Despite the incident, the company asserts that business is operating normally and no sensitive information has been compromised.
Forensic Investigation Underway: Bridgestone is conducting a forensic investigation to assess the attack, having responded quickly to contain the issue.
Details Pending: The full scope of the cyber incident remains unclear, with no claims of responsibility from any threat actors.
