The Cybersecurity and Infrastructure Security Agency acknowledged it's yet to get a complete handle on the scope and impact of attacks involving Cisco zero-day vulnerabilities that prompted it to release an emergency directive Thursday. The attack timeline dates back almost a year, according to an investigation Cisco and federal authorities did behind the scenes to identify the root cause and then coordinate the issuance of patches to address software defects under active exploitation.
Volvo North America is the latest large organization to announce attackers accessed employee data after a ransomware attack struck its HR system provider. It told staff recently that their first and last names, along with their social security numbers, were hit when cybercriminals raided Swedish software slinger Miljödata in August. According to a disclosure [PDF] filed with the Massachusetts Attorney General's office, the attack on Miljödata occurred on August 20.
An npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication. The malicious package was a perfect replica of the authentic one in terms of code and description, appearing as an official port on npm for 15 iterations. Model Context Protocol (MCP) is an open standard that allows AI assistants to interface with external tools, APIs, and databases.
The North Korean threat actor behind the DeceptiveDevelopment campaign is supplying stolen developer information to the country's horde of fraudulent IT workers, ESET reports. Initially detailed in February but ongoing since at least 2023, the DeceptiveDevelopment campaign targets developers associated with cryptocurrency and decentralized finance projects with fake job offers aimed at information theft and malware infection.
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. The vendor disclosed the flaw on September 18, but the company had learned about it a week earlier, and did not share any details on how it was discovered or if it was being exploited. CVE-2025-10035 is a deserialization vulnerability in the License Servlet of the GoAnywhere managed file transfer software.
Salesforce Web forms can be manipulated by the company's "Agentforce" autonomous agent into exfiltrating customer relationship management (CRM) data - a concerning development as legacy software-as-a-service (SaaS) providers race to integrate agentic AI into their platforms to zhuzh up the user experience and generate buzz among investors. Agentforce is an agentic AI platform built into the Salesforce ecosystem, which allows users to spin up autonomous agents for most conceivable tasks.