September 2025 – Page 10

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection.
The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security,

PyPI Warns Users of Fresh Phishing Campaign

Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites.

The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek.

How secure are passkeys, really? Here’s what you need to know

Passwords are weak links—88% of breaches involve stolen creds. Learn more from Specops Software about how passkeys deliver phishing resistance, simpler logins & lower support costs (with some hurdles to adoption). […]

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor.
Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows,

Chinese Cyberspies Hacked US Defense Contractors

RedNovember has been targeting government, defense and aerospace, and legal services organizations worldwide.

The post Chinese Cyberspies Hacked US Defense Contractors appeared first on SecurityWeek.

Teen suspected of Vegas casino cyberattacks released to parents

A 17-year-old hacker who surrendered to face charges over cyberattacks targeting Vegas casinos in 2023 has been released into the custody of his parents, a family court judge ruled. […]

Microsoft will offer free Windows 10 security updates in Europe

Microsoft will offer free extended security updates for Windows 10 users in the European Economic Area (EEA), which includes Iceland, Liechtenstein, Norway, and all 27 European Union member states. […]

RTX Confirms Airport Services Hit by Ransomware

The aerospace and defense giant has disclosed the cyberattack in a filing with the SEC.

The post RTX Confirms Airport Services Hit by Ransomware appeared first on SecurityWeek.

Perspective: Why Politics in the Workplace is a Cybersecurity Risk

Bringing politics into professional spaces undermines decision-making, collaboration, and ultimately weakens security teams.

The post Perspective: Why Politics in the Workplace is a Cybersecurity Risk appeared first on SecurityWeek.

Month: September 2025