HPE rushes out patch for critical StoreOnce backup flaw Hewlett Packard Enterprise has issued patches for eight vulnerabilities in its StoreOnce backup and deduplication appliances. The worst, CVE-2025-37093 (CVSS 9.8), lets remote attackers bypass authentication on any version prior to StoreOnce 4.3.11. Zero Day Initiative says the flaw sits in the machineAccountCheck method. Once inside, […]
Google unmasks ‘UNC6040’ vishing gang targeting Salesforce users Google’s Threat Intelligence Group (GTIG) has unmasked UNC6040, a financially-driven gang that runs English-language voice-phishing (vishing) campaigns. Posing as IT support staff, callers persuade employees to install or approve a doctored version of Salesforce’s Data Loader. Once authorised, the tool siphons corporate Salesforce data, after which the […]
Cisco rushes to fix critical ISE bug that shares passwords across cloud deployments Cisco has patched a critical static-credential flaw (CVE-2025-20286, CVSS 9.9) in its Identity Services Engine (ISE) cloud images for AWS, Azure and Oracle Cloud. Because ISE generates the same default credentials for every deployment running the same software release on a given […]
Chrome Extensions Are Leaking Your Data – and the Keys to the Kingdom Symantec researchers found that dozens of popular Chrome extensions—some with hundreds of thousands of installs—send telemetry over unencrypted HTTP and even hard-code API keys (Google Analytics, Azure, AWS, Tenor, crypto services) directly in their JavaScript. Examples include SEMRush Rank, Browsec VPN, MSN […]
Microsoft helps India break up AI-driven tech-support scam On 6 June 2025 India’s Central Bureau of Investigation (CBI), working with Microsoft and Japan’s National Police Agency, raided 19 sites in Delhi, Haryana and Uttar Pradesh (Operation Chakra V). Six suspects were arrested and two illegal call-centres shut down. The syndicate posed as Microsoft support, targeting […]
Gen-AI at Work: Why Banning ChatGPT Won’t Save Your Data The Hacker News article explains why simply blocking public generative-AI tools is a poor defence against data loss. Zscaler’s ThreatLabz team saw AI/ML traffic jump 36-fold in 2024 and counted more than 800 different AI apps inside enterprises. When companies ban ChatGPT-style services, employees often […]
Security researcher Jeremiah Fowler uncovered an unsecured ElasticSearch database holding 184 million login records—usernames and plain-text passwords for services such as Apple, Google, Facebook, Microsoft and many more. A spot-check of 10,000 entries revealed hundreds of government email addresses from at least 29 countries, including the UK and the US, raising national-security concerns. The trove, […]
Interlock, a ransomware gang, breached the education network of Scotland’s West Lothian Council. The council first said no data had been taken, but after Interlock dumped files online it admitted that “a small percentage” of data was stolen. Personal information on teachers, parents and carers—including scanned passports and driving licences—has appeared on the criminals’ leaks […]
Authorities have issued an alert to law firms about Luna Moth (also known as Silent Ransom Group, Chatty Spider and Storm-0252), an extortion gang that has been running sophisticated “callback phishing” attacks since 2022. Victims first receive innocuous emails—often about fake invoices or subscription renewals—asking them to telephone a customer-service number. Once on the call, […]
