brangberg – Page 330

SaaS Breaches Start with Tokens – What Security Teams Must Watch

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks.
Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called tokens. Tokens, like

Hacktivists target critical infrastructure, hit decoy plant

A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. […]

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code.

The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek.

Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

The company said there is no evidence that confidential client data was stolen from its systems.

The post Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day appeared first on SecurityWeek.

From Phishing to Malware: AI Becomes Russia’s New Cyber Weapon in War on Ukraine

Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service for Special Communications and Information Protection (SSSCIP) said.
“Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated

All SonicWall Cloud Backup Users Had Firewall Configurations Stolen

In early September, hackers stole the firewall configuration backup files stored using the MySonicWall service.

The post All SonicWall Cloud Backup Users Had Firewall Configurations Stolen appeared first on SecurityWeek.

Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach

The hackers claim the theft of over 2 million photos of government identification documents provided to Discord for age verification.

The post Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach appeared first on SecurityWeek.

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites.
The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the

Hackers claim Discord breach exposed data of 5.5 million users

Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company’s Zendesk support system instance, including government IDs and partial payment information for some people. […]

New FileFix attack uses cache smuggling to evade security software

A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s system and bypassing security software. […]

Author: brangberg