brangberg – Page 701

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.
A new report, Understanding SaaS Security Risks: Why

T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit

T-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft.

The post T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit appeared first on SecurityWeek.

More Solar System Vulnerabilities Expose Power Grids to Hacking

Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA.

The post More Solar System Vulnerabilities Expose Power Grids to Hacking appeared first on SecurityWeek.

AI Security Firm Straiker Emerges From Stealth With $21M in Funding

Straiker has emerged from stealth mode with a solution designed to help enterprises secure AI agents and applications.

The post AI Security Firm Straiker Emerges From Stealth With $21M in Funding appeared first on SecurityWeek.

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system.
Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them.
1.

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date.
“The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor’s browser,” c/side security analyst Himanshu

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below –

CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation.
SnapCenter is an enterprise-focused software that’s used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources.

The vulnerability, tracked as

UK fines software provider £3.07 million for 2022 ransomware breach

The UK Information Commissioner’s Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. […]

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. […]

Author: brangberg