A hacker injected malicious wiping commands into version 1.84.0 of the Amazon Q extension for Visual Studio Code. Amazon removed the vulnerable version and released an update, stating that no customer resources were impacted.
SaaS security adoption is rising as breaches surge. Companies face challenges like security management, access control, and visibility into SaaS applications. SSPM solutions and a focus on identity security are essential to address these risks.
A new vulnerability in Kigen eUICC cards exposes billions of IoT devices to attacks through flaws in eSIM profile management. The vulnerability allows the installation of malicious JavaCard applets, jeopardizing the confidentiality of mobile network operator data and allowing interception of communications. A security patch has been released.
Parrot Security announced the release of Parrot OS 6.4, bringing updates to core security tools, including Metasploit Framework 6.4.71 and Sliver C2 framework. The new release includes Linux kernel 6.12.32 and aims to improve performance and stability for security professionals.
The European Union has launched the EuroQCI initiative to build a pan-European, quantum-secure communication infrastructure. The plan combines terrestrial and satellite networks to protect critical data from future quantum threats, aiming for full implementation by 2030.
Generative AI is being rapidly adopted in workplaces, with many employees using it without formal approval. This swift integration creates significant security risks, as most companies lack formal policies or training to guard against data leaks, intellectual property infringement, and other vulnerabilities, leaving them exposed.
The International Criminal Court (ICC) in The Hague confirmed it sustained a "sophisticated and targeted" cyberattack. The incident, which was detected and contained, marks the second major attack against the court in recent years, raising security concerns amid high-profile investigations.
Two years after its initial discovery, a critical vulnerability in Microsoft's Entra ID, known as nOAuth, continues to expose thousands of SaaS applications to potential account takeovers. New research from Semperis reveals the flaw, which bypasses standard defenses, remains a severe and active threat.
Ongoing phishing campaigns target organizations using Microsoft 365, specifically Office 365 where multi-factor authentication (MFA) is not enforced. The attacks use sophisticated social engineering tactics and convincing phishing pages to harvest user credentials.
