On July 8, 2025, ServiceNow released a critical security update to address a vulnerability within the Now Platform that could lead to unauthorized access to sensitive data. This issue is related to misconfigurations in the Conditional Access Control Lists (ACLs), which could allow both authenticated and unauthenticated users to infer data they shouldn’t have access

Continue Reading

AMD has recently published a security advisory detailing new transient scheduler attacks that could potentially allow attackers to infer sensitive information from affected processors. These vulnerabilities, designated as AMD-SB-7029, pose a medium risk related to confidentiality. What Are These Attacks?The vulnerabilities involve timing-based side channels that exploit microarchitectural behaviors in AMD CPUs, particularly under specific

Continue Reading

Security researches at Koi Security recently uncovered a significant security breach involving a network of malicious browser extensions that have infected over 2.3 million users across Google Chrome and Microsoft Edge browsers. The campaign exposes vulnerabilities in how major web marketplaces verify and monitor extensions, highlighting the potential for widespread abuse. The research team identified

Continue Reading

Adobe has released a series of important security updates this week, addressing multiple vulnerabilities that could expose systems to serious risks, including arbitrary code execution, application crashes, and memory leaks. Some of these flaws are particularly severe, and their CVE scores above 9 highlight just how critical it is to update as soon as possible.

Continue Reading

Microsoft’s July 2025 Patch Tuesday delivers essential security updates that address numerous vulnerabilities across Windows, Office, Azure, and other Microsoft services. This month’s release includes several high-severity flaws, many of which could allow remote code execution, privilege escalation, or information disclosure. It is crucial for organizations and users to review these updates and apply them

Continue Reading

If your organization uses ScriptCase — a popular low-code platform for building PHP web applications — recent security alerts should be taken seriously. Two major vulnerabilities have been discovered by cybersecurity researches with Synacktiv that could enable attackers to fully compromise affected servers, leading to potential data theft, system control, and more. ScriptCase helps developers

Continue Reading

Researchers at Koi Security, a cybersecurity company, have recently discovered a large-scale campaign involving dozens of fake Firefox browser extensions designed to steal cryptocurrency wallet credentials by impersonating popular wallet exchange tools. The campaign has been ongoing since at least April 2025, with new malicious extensions appearing as recently as last week. The persistent and

Continue Reading

In a recent discovery, Cybernews researchers have uncovered a massive data leak exposing nearly 26 million resumes stored by TalentHook, a cloud-based applicant tracking system widely used by HR departments to connect with job seekers. TalentHook is a platform facilitating recruitment processes for many organizations. A misconfigured Azure Blob storage container belonging to TalentHook left

Continue Reading