U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a an Oracle Fusion Middleware flaw, tracked as CVE-2025-61757 (CVSS score of 9.8), to its Known…
ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach
A sophisticated supply chain attack has reportedly compromised data across hundreds of organizations, linking the breach to a critical integration between customer success platform Gainsight and CRM giant Salesforce. The notorious hacking collective ShinyHunters is claiming responsibility for the intrusion,…
IT Security News Hourly Summary 2025-11-22 09h : 2 posts
2 posts were published in the last hour 8:2 : CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability 8:2 : Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8),…
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects…
Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination
A former IT contractor from Ohio has admitted to launching a cyberattack against his employer’s network in retaliation for being terminated, federal prosecutors announced this week. Maxwell Schultz, 35, of Columbus, Ohio, pleaded guilty to computer fraud charges after leading…
Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities
The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet’s FortiWeb Web Application Firewall (WAF). This module chains two recently disclosed flaws, CVE-2025-64446 and CVE-2025-58034, to achieve unauthenticated Remote Code Execution (RCE) with root privileges. The release follows reports of…
MY TAKE: Carol Sturka declares ‘I have agency!’ — Big Tech’s AI models now testing that claim
It was a tense moment in Episode 4 of Pluribus, the Apple TV series about a world linked by a single intelligence. Related: Mistaking pattern mastery for wisdom A character named Carol Sturka, surrounded by a seemingly benevolent collective ……
Understanding Cybersecurity Threats: Insights from Intelligence Experts
In this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major…
IT Security News Hourly Summary 2025-11-22 06h : 5 posts
5 posts were published in the last hour 5:4 : CrowdStrike Fires Insider for Sharing Internal System Details with Hackers 5:4 : What makes NHIs support systems more secure 5:4 : How NHIs are tailored to handle specific enterprise needs…
CrowdStrike Fires Insider for Sharing Internal System Details with Hackers
Cybersecurity giant CrowdStrike has confirmed the termination of an insider who allegedly provided sensitive internal system details to a notorious hacking collective. The incident, which came to light late Thursday and Friday morning, involved the leak of internal screenshots on…
What makes NHIs support systems more secure
How Do Non-Human Identities Transform Security Frameworks? How can organizations maneuver to ensure their support systems remain impenetrable? The answer lies in Non-Human Identities (NHIs). While more businesses migrate to cloud-based environments, the management of NHIs becomes pivotal in securing…
How NHIs are tailored to handle specific enterprise needs
Are Non-Human Identities (NHIs) the Missing Piece in Your Enterprise’s Cybersecurity Strategy? Organizations are increasingly reliant on Non-Human Identities (NHIs) for managing security and access needs. But how exactly do NHIs address specific enterprise needs, and what strategic role do…
How can I ensure secure interactions between Agentic AI systems?
What Are Non-Human Identities in Cybersecurity, and How Can They Be Managed? How can organizations ensure robust security for their machine identities, commonly known as Non-Human Identities (NHIs)? These identities are critical in protecting sensitive data and maintaining a secure…
Are AI security measures getting better annually
How Can Organizations Ensure the Security of Non-Human Identities in the Cloud? How do organizations manage the security of machine identities and secrets? This question is at the forefront for companies across industries such as financial services, healthcare, and even…
Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Escalate Privileges
A critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enables attackers to escalate privileges to administrative levels with a single network request. The vulnerability, designated CVE-2025-49752, affects all Azure Bastion deployments and received an emergency security…
What is identity and access management? Guide to IAM
<p>Identity and access management, or IAM, is a framework of business processes, policies and technologies that facilitates the management of digital identities. With an IAM framework in place, IT security teams can control user access to critical information within their…
IT Security News Hourly Summary 2025-11-22 00h : 1 posts
1 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-11-21
IT Security News Daily Summary 2025-11-21
145 posts were published in the last hour 22:4 : Critical SonicOS SSLVPN Vulnerability Allows Remote Firewall Crashes 22:4 : CrowdStrike denies breach after insider sent internal screenshots to hackers 22:4 : Startup firm called Factory disrupts campaign designed to…
Critical SonicOS SSLVPN Vulnerability Allows Remote Firewall Crashes
A critical SonicOS SSLVPN flaw lets remote attackers crash SonicWall firewalls without authentication. The post Critical SonicOS SSLVPN Vulnerability Allows Remote Firewall Crashes appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article:…
CrowdStrike denies breach after insider sent internal screenshots to hackers
CrowdStrike says an insider shared internal screenshots with hackers but confirms no system breach and no customer data exposure. BleepingComputer first reported that CrowdStrike said an insider shared internal system screenshots with hackers, after Scattered Lapsus$ Hunters leaked them on…
Startup firm called Factory disrupts campaign designed to hijack development platform
The AI-based firm intercepted a state-linked operation that was abusing resources as part of a criminal cyber-fraud network. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Startup firm called Factory disrupts campaign designed…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-61757 Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber…
Phishing Breaks More Defenses Than Ever. Here’s the Fix
If your tools say a link is clean, do you fully trust it? Most SOC leaders don’t anymore, and for good reason. Phishing has become polished, quiet, and built to blend into everyday traffic. It slips through filters, lands in inboxes unnoticed,…