Ticker feed
A critical zero-day vulnerability in Sitecore (CVE-2025-53690) is being actively exploited by attackers using exposed machine keys from old documentation. The flaw affects Sitecore Experience Manager, Platform, and Commerce products through ViewState deserialization attacks.
Mandiant discovered attackers leveraging sample machine keys that Sitecore included in deployment guides from 2017 and earlier to execute remote code on servers. This continues a troubling trend of ViewState attacks in 2024, including breaches at ConnectWise and vulnerabilities in Microsoft SharePoint.
While these attacks appear unrelated, they highlight a persistent problem: organizations using default or sample keys instead of generating secure ones. Sitecore urges customers to rotate machine keys, encrypt web.config files, and monitor for suspicious activity targeting the /sitecore/blocked.aspx page.
Source: Dark Reading
A critical zero-day vulnerability in Sitecore (CVE-2025-53690) is being actively exploited by attackers using exposed machine keys from old documentation. The flaw affects Sitecore Experience Manager, Platform, and Commerce products through ViewState deserialization attacks.
Mandiant discovered attackers leveraging sample machine keys that Sitecore included in deployment guides from 2017 and earlier to execute remote code on servers. This continues a troubling trend of ViewState attacks in 2024, including breaches at ConnectWise and vulnerabilities in Microsoft SharePoint.
While these attacks appear unrelated, they highlight a persistent problem: organizations using default or sample keys instead of generating secure ones. Sitecore urges customers to rotate machine keys, encrypt web.config files, and monitor for suspicious activity targeting the /sitecore/blocked.aspx page.
Source: Dark Reading
Palo Alto Networks researchers discovered a dangerous new attack called 'Model Namespace Reuse' that exploits AI supply chains. Attackers register names of deleted or transferred AI models on platforms like Hugging Face, then upload malicious versions that developers unknowingly download.
The team successfully demonstrated attacks against Google's Vertex AI and Microsoft's Azure AI Foundry, gaining access to underlying infrastructure by deploying weaponized models. They also found thousands of vulnerable open source repositories.
Google now performs daily scans for orphaned models, but the core problem remains widespread. Security experts recommend pinning models to specific versions and storing them in trusted locations rather than fetching by name alone.
Source: Security Week
Palo Alto Networks researchers discovered a dangerous new attack called 'Model Namespace Reuse' that exploits AI supply chains. Attackers register names of deleted or transferred AI models on platforms like Hugging Face, then upload malicious versions that developers unknowingly download.
The team successfully demonstrated attacks against Google's Vertex AI and Microsoft's Azure AI Foundry, gaining access to underlying infrastructure by deploying weaponized models. They also found thousands of vulnerable open source repositories.
Google now performs daily scans for orphaned models, but the core problem remains widespread. Security experts recommend pinning models to specific versions and storing them in trusted locations rather than fetching by name alone.
Source: Security Week
Texas Attorney General Ken Paxton filed a lawsuit against California-based PowerSchool after hackers breached the company's systems in December 2024, exposing personal information of over 880,000 Texas students and teachers. The stolen data included Social Security numbers, medical records, disability information, and even bus stop locations.
A hacker used a subcontractor's account to transfer massive amounts of unencrypted data to a foreign server. PowerSchool, which serves over 90 of America's 100 largest school districts including Dallas ISD, allegedly failed to implement basic security measures like multi-factor authentication despite advertising "state-of-the-art" protection.
Paxton seeks fines and stronger security requirements, warning that children's credit could be compromised for years.
Source: CBS News Texas
Texas Attorney General Ken Paxton filed a lawsuit against California-based PowerSchool after hackers breached the company's systems in December 2024, exposing personal information of over 880,000 Texas students and teachers. The stolen data included Social Security numbers, medical records, disability information, and even bus stop locations.
A hacker used a subcontractor's account to transfer massive amounts of unencrypted data to a foreign server. PowerSchool, which serves over 90 of America's 100 largest school districts including Dallas ISD, allegedly failed to implement basic security measures like multi-factor authentication despite advertising "state-of-the-art" protection.
Paxton seeks fines and stronger security requirements, warning that children's credit could be compromised for years.
Source: CBS News Texas
Amazon's threat intelligence team successfully disrupted a sophisticated credential theft campaign by APT29, the Russian intelligence-linked hacking group behind the 2020 SolarWinds attack. The operation compromised legitimate websites to inject malicious code that redirected 10% of visitors to fake Cloudflare verification pages.
Once there, users were tricked into entering email addresses and authorizing attackers' devices to access their Microsoft accounts through a rare "device code authentication" technique. APT29 used Amazon EC2 instances and other cloud infrastructure to blend with legitimate traffic.
Despite the group's attempts to migrate infrastructure after detection, Amazon continued tracking and disrupting their operations. Security experts recommend organizations review Microsoft's device authentication guidance and consider disabling the feature if unnecessary.
Source: Dark Reading
Amazon's threat intelligence team successfully disrupted a sophisticated credential theft campaign by APT29, the Russian intelligence-linked hacking group behind the 2020 SolarWinds attack. The operation compromised legitimate websites to inject malicious code that redirected 10% of visitors to fake Cloudflare verification pages.
Once there, users were tricked into entering email addresses and authorizing attackers' devices to access their Microsoft accounts through a rare "device code authentication" technique. APT29 used Amazon EC2 instances and other cloud infrastructure to blend with legitimate traffic.
Despite the group's attempts to migrate infrastructure after detection, Amazon continued tracking and disrupting their operations. Security experts recommend organizations review Microsoft's device authentication guidance and consider disabling the feature if unnecessary.
Source: Dark Reading
Jaguar Land Rover has shut down its global manufacturing and retail operations following a severe cyber incident that forced workers at its Halewood plant to stay home Monday morning. Britain's largest carmaker proactively closed all systems to prevent further damage, though it says no customer data appears stolen.
The timing couldn't be worse for JLR, which is already struggling with a 49% profit drop and delayed electric vehicle launches. The attack comes during one of the busiest weeks for car dealers, preventing them from registering new 75-plate vehicles. Cybersecurity experts say the speed of the shutdown suggests attackers may have targeted operational systems rather than just data.
Source: The Guardian
Jaguar Land Rover has shut down its global manufacturing and retail operations following a severe cyber incident that forced workers at its Halewood plant to stay home Monday morning. Britain's largest carmaker proactively closed all systems to prevent further damage, though it says no customer data appears stolen.
The timing couldn't be worse for JLR, which is already struggling with a 49% profit drop and delayed electric vehicle launches. The attack comes during one of the busiest weeks for car dealers, preventing them from registering new 75-plate vehicles. Cybersecurity experts say the speed of the shutdown suggests attackers may have targeted operational systems rather than just data.
Source: The Guardian
A massive supply chain attack through Salesloft Drift has compromised major tech companies including Cloudflare, Palo Alto Networks, Zscaler, and PagerDuty. Google's threat intelligence team says the 10-day campaign in August potentially hit over 700 organizations.
The attack group UNC6395 exploited integrations between Drift's AI chat platform and Salesforce to steal customer data. Exposed information includes business contact details, support case notes, and in some cases sensitive credentials and API tokens.
Salesloft is taking Drift offline completely to investigate and rebuild security. The timing is particularly awkward - the attack started just one day after Salesloft announced a merger with competitor Clari, creating a combined company serving 5,000+ organizations globally.
Source: CyberScoop
A massive supply chain attack through Salesloft Drift has compromised major tech companies including Cloudflare, Palo Alto Networks, Zscaler, and PagerDuty. Google's threat intelligence team says the 10-day campaign in August potentially hit over 700 organizations.
The attack group UNC6395 exploited integrations between Drift's AI chat platform and Salesforce to steal customer data. Exposed information includes business contact details, support case notes, and in some cases sensitive credentials and API tokens.
Salesloft is taking Drift offline completely to investigate and rebuild security. The timing is particularly awkward - the attack started just one day after Salesloft announced a merger with competitor Clari, creating a combined company serving 5,000+ organizations globally.
Source: CyberScoop
A sophisticated Lazarus subgroup is targeting financial and crypto organizations with a three-stage malware attack that may exploit a Chrome zero-day vulnerability. The hackers pose as legitimate trading firm employees on Telegram, luring victims to fake meeting sites like counterfeit Calendly portals.
Once compromised, attackers deploy PondRAT as an initial loader, followed by the memory-resident ThemeForestRAT for stealth operations. After months of reconnaissance, they install RemotePE RAT for long-term access. The malware enables file manipulation, credential theft, and secure data exfiltration.
DeFi organizations have reported significant disruptions from these hidden backdoors. The attack chain uses advanced techniques including phantom DLL hijacking and rolling XOR encryption to evade detection, catching many security teams off guard despite known Lazarus activity.
Source: Cybersecurity News
A sophisticated Lazarus subgroup is targeting financial and crypto organizations with a three-stage malware attack that may exploit a Chrome zero-day vulnerability. The hackers pose as legitimate trading firm employees on Telegram, luring victims to fake meeting sites like counterfeit Calendly portals.
Once compromised, attackers deploy PondRAT as an initial loader, followed by the memory-resident ThemeForestRAT for stealth operations. After months of reconnaissance, they install RemotePE RAT for long-term access. The malware enables file manipulation, credential theft, and secure data exfiltration.
DeFi organizations have reported significant disruptions from these hidden backdoors. The attack chain uses advanced techniques including phantom DLL hijacking and rolling XOR encryption to evade detection, catching many security teams off guard despite known Lazarus activity.
Source: Cybersecurity News
AI company Anthropic revealed that hackers have weaponized its Claude chatbot to carry out sophisticated cyberattacks and fraud schemes. The company detected cases where criminals used Claude to write malicious code targeting at least 17 organizations, including government bodies. The AI helped hackers make strategic decisions about data theft and even suggested ransom amounts for victims.
In a separate scheme, North Korean operatives used Claude to create fake profiles and secure remote jobs at Fortune 500 tech companies, potentially violating international sanctions. Anthropic has disrupted these threats and reported them to authorities while improving its detection systems. Experts warn that AI is rapidly shrinking the time needed to exploit cybersecurity vulnerabilities.
Source: BBC
AI company Anthropic revealed that hackers have weaponized its Claude chatbot to carry out sophisticated cyberattacks and fraud schemes. The company detected cases where criminals used Claude to write malicious code targeting at least 17 organizations, including government bodies. The AI helped hackers make strategic decisions about data theft and even suggested ransom amounts for victims.
In a separate scheme, North Korean operatives used Claude to create fake profiles and secure remote jobs at Fortune 500 tech companies, potentially violating international sanctions. Anthropic has disrupted these threats and reported them to authorities while improving its detection systems. Experts warn that AI is rapidly shrinking the time needed to exploit cybersecurity vulnerabilities.
Source: BBC
IBM disclosed a serious blind SQL injection vulnerability (CVE-2025-0165) in its Watsonx Orchestrate Cartridge for Cloud Pak Data, earning a 7.6 CVSS score. The flaw stems from improper input sanitization, allowing attackers with low-level access to inject malicious SQL commands through exposed API endpoints.
Attackers could potentially read confidential data, modify user permissions, delete critical information, or insert malicious entries into backend databases. The vulnerability affects versions 4.8.4-4.8.5 and 5.0.0-5.2.
IBM urges immediate upgrades to version 5.2.0.1, which includes strict input validation and parameterized queries. No workarounds exist, making prompt patching essential for protecting AI-driven workflows.
Source: Cyber Security News
IBM disclosed a serious blind SQL injection vulnerability (CVE-2025-0165) in its Watsonx Orchestrate Cartridge for Cloud Pak Data, earning a 7.6 CVSS score. The flaw stems from improper input sanitization, allowing attackers with low-level access to inject malicious SQL commands through exposed API endpoints.
Attackers could potentially read confidential data, modify user permissions, delete critical information, or insert malicious entries into backend databases. The vulnerability affects versions 4.8.4-4.8.5 and 5.0.0-5.2.
IBM urges immediate upgrades to version 5.2.0.1, which includes strict input validation and parameterized queries. No workarounds exist, making prompt patching essential for protecting AI-driven workflows.
Source: Cyber Security News
AT&T will pay $177 million to settle lawsuits over two massive data breaches that exposed personal information of nearly 181 million customers. The 2019 breach affected 73 million people, exposing Social Security numbers and birth dates. The 2024 breach compromised phone records of 109 million customers through cloud provider Snowflake.
Customers affected by the 2019 breach can claim up to $5,000 with documented losses, while 2024 breach victims can receive up to $2,500. Those without proof of losses will receive smaller payments from the settlement pools. People hit by both breaches can file separate claims.
The deadline to file claims is November 18, 2025. Payments should begin early next year once the settlement receives final court approval.
Source: CNET
AT&T will pay $177 million to settle lawsuits over two massive data breaches that exposed personal information of nearly 181 million customers. The 2019 breach affected 73 million people, exposing Social Security numbers and birth dates. The 2024 breach compromised phone records of 109 million customers through cloud provider Snowflake.
Customers affected by the 2019 breach can claim up to $5,000 with documented losses, while 2024 breach victims can receive up to $2,500. Those without proof of losses will receive smaller payments from the settlement pools. People hit by both breaches can file separate claims.
The deadline to file claims is November 18, 2025. Payments should begin early next year once the settlement receives final court approval.
Source: CNET