Information

12 Sep

DELMIA Factory Software Vulnerability Exploited in Attacks

Information, News

Threat actors are exploiting a critical-severity vulnerability in DELMIA Apriso factory software, the US cybersecurity agency CISA warns. Developed by French company Dassault Systèmes, DELMIA Apriso is a manufacturing operations management (MOM) and manufacturing execution system (MES) software designed for managing every detail of the manufacturing process. The software is used in North America, Europe, and Asia, including in the aerospace and defense, automotive, high-tech, and industrial equipment industries.  Tracked as CVE-2025-5086 (CVSS score of…

Read More
12 Sep

Apple Sends Fresh Wave of Spyware Notifications to French Users

Information, News

Apple in early September sent a fresh wave of threat notifications to French users it believes might have been targeted by commercial spyware. This is at least the fourth time the Cupertino-based tech giant has notified users in France of potential mercenary spyware attacks, according to an alert from the French national Computer Emergency Response Team (CERT-FR). “This alert records all waves of notifications sent by Apple and known to CERT-FR since March 5, 2025.…

Read More
11 Sep

Bulletproof Host Stark Industries Evades EU Sanctions

Information, Insights

In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers. Image: Shutterstock. Materializing just two weeks…

Read More
10 Sep

Preventing business disruption and building cyber-resilience with MDR

Information

Business Security Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy Phil Muncaster 09 Sep 2025  •  , 4 min. read Threat actors are on a roll. They’ve optimized supply chains. Their ranks are growing thanks to pre-packaged services that lower the barriers to entry for budding cybercriminals. And they’re using AI tools to improve the success of social engineering, reconnaissance,…

Read More
09 Sep

Microsoft Patch Tuesday, September 2025 Edition

Information, Insights

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices. Microsoft assigns security flaws a “critical” rating when malware or miscreants can exploit…

Read More
08 Sep

18 Popular Code Packages Hacked, Rigged to Steal Crypto

Data Breaches, Information, Insights

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could lead to a disruptive malware outbreak that is far more difficult…

Read More
06 Sep

Under lock and key: Safeguarding business data with encryption

Information

Business Security As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose Phil Muncaster 05 Sep 2025  •  , 5 min. read A single security breach can jeopardize everything you’ve built. The theft of intellectual property and confidential customer data can result in a cascade of consequences, from hefty financial losses and a shattered brand reputation to ultimately the threat…

Read More
05 Sep

GOP Cries Censorship Over Spam Filters That Work

Information, Insights

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed’s messages are getting blocked…

Read More
05 Sep

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

Information

ESET researchers have identified a new threat actor, whom we have named GhostRedirector, that compromised at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam. GhostRedirector used two previously undocumented, custom tools: a passive C++ backdoor that we named Rungan, and a malicious Internet Information Services (IIS) module that we named Gamshen. While Rungan has the capability of executing commands on a compromised server, the purpose of Gamshen is to provide SEO fraud as-a-service,…

Read More
01 Sep

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Data Breaches, Information, Insights

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including…

Read More