Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Essential Insights
Zero-Day Vulnerability Exploited: CrushFTP warns that a zero-day vulnerability (CVE-2025-54309) allows attackers to gain administrative access via the web interface on outdated servers, first detected on July 18.
Patch Importance: Systems updated to CrushFTP versions v10.8.5 and v11.3.4_23 are not vulnerable; earlier versions may be exposed to the flaw, underscoring the need for regular patching to protect against attacks.
Compromise Indicators and Responses: Signs of compromise include unexpected entries in user configuration and unknown admin usernames. Administrators should restore configurations from backups before July 16 and review logs for unusual activity.
Caution on DMZ Usage: While using a DMZ for…


Cohesity, a leader in AI-powered data security, has announced the integration of Cohesity Gaia with Microsoft 365 Copilot, enabling knowledge workers to access and analyze backup data directly from the Microsoft 365 Copilot interface to drive better business decisions. “Organizations hold massive amounts of untapped business insights within their backup data. Until now, extracting and utilizing that data for actionable insights has been nearly impossible,” said Gregory Statton, Vice President of AI Solutions at Cohesity. “With Cohesity Gaia integrated into a widely used tool like Microsoft 365 Copilot, we’re empowering customers to mine their stored data seamlessly, enabling transformational insights…


Top Highlights
MDifyLoader Malware Emergence: Cybersecurity researchers report the discovery of MDifyLoader, linked to cyber attacks exploiting critical vulnerabilities (CVE-2025-0282 and CVE-2025-22457) in Ivanti Connect Secure appliances, facilitating unauthorized remote code execution.
Weaponization of Vulnerabilities: These vulnerabilities, patched in early 2025, have been actively exploited in the wild, with prior instances revealing their use to deploy malware families like SPAWNCHIMERA and DslogdRAT.
Sophisticated Attack Methods: MDifyLoader utilizes DLL side-loading to initiate Cobalt Strike Beacon (v4.5). The attackers also employ Go-based tools (VShell and Fscan), which are increasingly used by Chinese hacking groups.
Stealthy Network Intrusion Tactics: After infiltrating networks, attackers…


Securiti AI, a leading provider of integrated DSPM and AI security solutions, has announced the availability of its Security for Amazon Q solution in the newly launched AI Agents and Tools category of AWS Marketplace. This launch allows customers to easily discover, purchase, and deploy AI agent solutions—including Securiti’s comprehensive Data+AI Security offerings—directly through their AWS accounts, accelerating the development and secure deployment of AI agents and agentic workflows across their organizations. This integration enables customers to easily discover, purchase, and deploy AI agent solutions, including Securiti’s DSPM and AI security offerings, directly through their…


Quick Takeaways
Massistant Tool Development: Massistant, a mobile forensics tool developed by SDIC Intelligence Xiamen Information Co., Ltd. (formerly Meiya Pico), is utilized by Chinese law enforcement to extract data from seized mobile devices, succeeding the earlier tool, MFSocket.
Data Collection Capabilities: The tool allows access to sensitive data such as GPS location, SMS messages, images, audio, and more, requiring physical device access for installation and functioning alongside desktop software.
Increasing Surveillance Functionality: Massistant offers new features, including data extraction from third-party messaging apps (like Signal) and can also connect to devices via Wi-Fi, expanding its reach to both Android…


Concentric AI has announced the granting of its fifth and sixth patents this year, underscoring its position as a leader in AI-powered data security and governance. These patents protect Concentric AI’s innovative methods for semantically categorizing data records and contextualizing anomalous user behaviors, setting it apart from traditional data security solutions in the market. The first patent, titled “Method and Electronic Device to Assign Appropriate Semantic Categories to Documents with Arbitrary Granularity,” covers Concentric AI’s proprietary approach that utilizes Large Language Models for semantic categorization. This breakthrough enables precise assignment of categories and subcategories to content at enterprise scale. Leveraging…


Quick Takeaways
New UAE Data Center by 2025: Sophos will launch a data center in the UAE by the end of 2025, enhancing local AI-powered cloud security solutions and supporting the region’s digital transformation.
Key Benefits: The data center will ensure stronger data sovereignty, faster performance with lower latency, and enterprise-grade resilience for critical sectors like government and healthcare.
Empowering Regional Partners: The initiative will aid local partners by improving service delivery, meeting data residency requirements, and creating opportunities for business scalability amid evolving cyber threats.
24/7 Cyber Protection with Sophos MDR: Sophos Managed Detection and Response (MDR) offers continuous…


Lasso, a leading provider of Generative AI security solutions, has announced the launch of its GenAI Security integration with Cloudflare, delivering real-time monitoring and protection for GenAI traffic at the network level. This integration provides Cloudflare customers with comprehensive visibility and control over Generative AI traffic across web and cloud environments, safeguarding against data leaks, misuse, and policy violations. “Securing Generative AI isn’t just about endpoints or models—it’s about protecting the entire data flow, both inputs and outputs,” said Lior Ziv, Chief Technology Officer at Lasso.…


Essential Insights
Recovery from Cyberattack: UNFI has largely regained order fulfillment capabilities post-cyberattack, with key metrics close to pre-incident levels, as stated by CEO Sandy Douglas.
Financial Impact: The company incurred $20 million in recovery expenses and anticipates a $65 million to $75 million pre-tax loss due to the incident, although insurance reimbursements are expected to cover these costs.
Sales Projections: For the current fiscal year, UNFI expects sales between $31.6 billion to $31.8 billion while continuing to pursue multi-year financial goals.
Future Preparedness: UNFI aims to enhance cybersecurity measures and share insights with retailers, viewing the incident as a…


Essential Insights
New Tactics: Microsoft reports that the cybercriminal group Scattered Spider has employed new techniques in attacks on airlines, insurance, and retail sectors since April.
Social Engineering: The group, tracked as Octo Tempest, continues to use social-engineering tactics, such as impersonating users for password resets.
Evolving Strategies: Recent attacks have involved adversary-in-the-middle tactics and the deployment of DragonForce ransomware, targeting VMware ESX hypervisor environments.
Shift in Focus: Scattered Spider has shifted from exploiting cloud identity privileges to targeting on-premises infrastructure before moving to cloud access, linking their activities to multiple U.S. and U.K. retail attacks.
New Techniques Emerge
Microsoft…
