A newly uncovered, high-severity vulnerability affects the OttoKit plugin for WordPress, formerly known as SureTriggers. This flaw has reportedly been exploited within mere hours of its public disclosure, posing a significant risk to website security. Identified as CVE-2025-3102, this vulnerability carries a CVSS score of 8.1 due to an authorization…
Cybersecurity firm Trellix recently reported a sustained malware campaign targeting e-commerce sectors in South Korea and the United States, attributed to a new wave of GuLoader attacks. This malware campaign signifies a shift in tactics from the previously used malware-laden Microsoft Word documents to NSIS executable files for malware deployment.…
Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) Enhancing OT Cybersecurity Skills Through Education and Collaboration Brandy Harris • September 3, 2025 Image: Shutterstock As the cybersecurity landscape evolves, many professionals entering the field find their training predominantly focused on IT systems, safeguarding data centers, and managing corporate…
Recent data breaches have raised concerns about security within popular applications, particularly the use of the Salesloft Drift application to compromise Salesforce data. In an important update, Salesloft has reported that the security incident has been addressed, with containment measures and customer protections now in effect. To investigate the breach,…
Surge in Server-Side Request Forgery Exploits Detected Across Multiple Platforms GreyNoise, a threat intelligence firm, has issued an alarming warning regarding a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities across various platforms. This uptick, first identified on March 9, 2025, is particularly notable for involving at…
Understanding Ephemeral Accounts in Cybersecurity In the realm of cybersecurity audits, particularly those regarding compliance and cyber insurance, emphasis is placed on analyzing group memberships to discern access levels. This scrutiny typically reveals individuals with elevated privileges, including roles such as Domain Admin, Enterprise Admin, Local Administrator, Global Admin in…
Palo Alto Networks has alerted the cybersecurity community regarding ongoing brute-force login attempts directed at PAN-OS GlobalProtect gateways. This warning follows recent observations from threat hunters who noted an increase in suspicious login scanning activity targeting the company’s devices. A spokesperson from Palo Alto Networks commented that evidence exists of…
VMware Addresses Ransomware Attacks Targeting ESXi Servers On Monday, VMware announced that it has not detected any activity regarding the exploitation of an undisclosed zero-day vulnerability in its software amid a global wave of ransomware assaults. The company clarified that reports indicate attackers are primarily targeting End of General Support…
Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development From MechaHitler to Islamic Chatbots, AI Engines Are Writing the Script for Reality Tony Morbin (@tonymorbin) • September 5, 2025 Competing AI models are reshaping our global perception of reality. (Image: Shutterstock) While the goal of artificial intelligence…