Microsoft Confirms Source Code Access in SolarWinds Attack On Thursday, Microsoft disclosed that threat actors linked to the SolarWinds supply chain attack successfully accessed a limited number of internal accounts within the company. This unauthorized access allowed these sophisticated, nation-state actors to escalate their reach inside Microsoft’s internal network, although…
In its February 2024 Patch Tuesday updates, Microsoft has issued fixes for 73 security vulnerabilities across its software ecosystem, including two zero-day flaws currently under active exploitation. Among these vulnerabilities, five have been categorized as Critical and 65 as Important, while three have a Moderate severity rating. This release also…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a recently patched security vulnerability affecting Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software in its Known Exploited Vulnerabilities (KEV) catalog. This update comes in response to indications that the flaw is being actively exploited in…
In 2020, enterprises faced unprecedented IT challenges as they rapidly transitioned to remote work and embraced automation technologies. As the year drew to a close, companies began to reassess their cybersecurity infrastructures in an effort to prepare for a return to normalcy in 2021. However, the revelation of a significant…
Cisco Addresses Critical Security Flaw in Secure Client Software Cisco has recently issued patches to rectify a significant vulnerability in its Secure Client software, which poses a considerable risk of exploitation by malicious actors. This flaw allows intruders to initiate a VPN session impersonating a targeted user, potentially compromising sensitive…
The surge of online activities during the COVID-19 pandemic has created unprecedented opportunities for cybercriminals, enabling them to exploit an expanded pool of potential victims. As businesses, educational institutions, and individuals migrated online, they became increasingly vulnerable to an array of cyberattacks, including “zoombombing,” where unauthorized individuals disrupted Zoom meetings…
Eight years after a researcher alerted WhatsApp to vulnerabilities allowing mass extraction of user phone numbers, a new investigation from the University of Vienna has confirmed that this issue persists. The researchers employed a technique exploiting WhatsApp’s discovery function, which allows individuals to check if a phone number is registered…
Endpoint Security, Hardware / Chip-level Security Experts Highlight Advantages of Bug Bounties and Researcher Engagement Mathew J. Schwartz (@euroinfosec) • November 21, 2025 Image: Shutterstock While hardware once stood as a cornerstone of trustworthy systems, ongoing concerns over compromised supply chains and security vulnerabilities have significantly diminished that trust. As…
Salesforce recently issued a security advisory alerting users to unauthorized access to customer data via third-party applications provided by Gainsight. This breach not only raises alarm bells across the user base but also highlights persistent vulnerabilities associated with OAuth integrations—an area already marked by significant data breaches within the Salesforce…
