Aggregator

GhostRedirector Compromising Windows Servers in Brazil, Thailand and Vietnam
A suspected Chinese cybercrime group is deploying custom malware to compromise Windows servers in Brazil, Thailand, Portugal and Vietnam as part of search engine optimization fraud to promote gambling websites.

Nonprofit Is Among Several Blood Suppliers Hit by Cybercriminals Over the Past Year
New York Blood Center Enterprises said an undisclosed number of patients, employees and other individuals are potentially affected by a January cyberattack that compromised personal and health related information. The hack was among several attacks on blood suppliers over the past year.

Salesloft Says Hackers Broke Into Its GitHub Repository
Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft.

Observo Buy Gives Customers Real-Time SIEM Ingestion and Vendor-Agnostic Options
SentinelOne’s Observo AI buy gives customers a flexible, AI-powered data pipeline for faster detection and SIEM freedom. The acquisition bolsters its AI-native SIEM vision and offers a lower-cost, real-time alternative to traditional solutions such as Splunk.

GhostRedirector Compromising Windows Servers in Brazil, Thailand and Vietnam
A suspected Chinese cybercrime group is deploying custom malware to compromise Windows servers in Brazil, Thailand, Portugal and Vietnam as part of search engine optimization fraud to promote gambling websites.

Nonprofit Is Among Several Blood Suppliers Hit by Cybercriminals Over the Past Year
New York Blood Center Enterprises said an undisclosed number of patients, employees and other individuals are potentially affected by a January cyberattack that compromised personal and health related information. The hack was among several attacks on blood suppliers over the past year.

Salesloft Says Hackers Broke Into Its GitHub Repository
Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft.

Observo Buy Gives Customers Real-Time SIEM Ingestion and Vendor-Agnostic Options
SentinelOne’s Observo AI buy gives customers a flexible, AI-powered data pipeline for faster detection and SIEM freedom. The acquisition bolsters its AI-native SIEM vision and offers a lower-cost, real-time alternative to traditional solutions such as Splunk.

США готовят крупнейшую со времен холодной войны инвестицию в оборонную инфраструктуру Филиппин.

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

This post first appeared on blog.netwrix.com and was written by Dirk Schrader.
CIS Benchmarks provide standardized configuration best practices to reduce attack surfaces, strengthen compliance, and support secure operations across servers, endpoints, cloud, and applications. By implementing CIS-certified baselines, organizations can minimize misconfigurations, prevent drift, and improve audit readiness. Netwrix enhances this process with automated configuration monitoring, drift detection, and identity-first enforcement to sustain long-term security. Maintaining … Continued

Threat Attack Daily - 8th of September 2025

Ransomware Attack Update for the 8th of September 2025

Large network scans have been  targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. [...]

A vulnerability, which was classified as problematic, was found in Ethyca Fides up to 2.69.0. This affects an unknown function of the component Admin UI. Executing manipulation can lead to session expiration. This vulnerability is tracked as CVE-2025-57766. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Ethyca Fides up to 2.69.0. The impacted element is an unknown function of the component OAuth Client Endpoint. Performing manipulation results in missing authorization. This vulnerability is identified as CVE-2025-57817. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in xwiki-contrib application-blog up to 9.13. The affected element is an unknown function. Such manipulation of the argument Content leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is referenced as CVE-2025-58365. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Ethyca Fides up to 2.69.0. Impacted is an unknown function of the component Webserver API. This manipulation causes improper control of interaction frequency. The identification of this vulnerability is CVE-2025-57816. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.