Latest Intelligence
Cisco Says User Data Stolen in CRM Hack
Cisco has reported a data breach that has compromised user accounts on Cisco.com, resulting in the theft of personal information such as names, email addresses, and phone numbers. This incident highlights the vulnerabilities in their customer relationship management (CRM) system. Read Original »
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Researchers have identified a high-severity vulnerability in the Cursor AI code editor that could lead to remote code execution. This flaw, named MCPoison, arises from the software's handling of modifications to Model files. Read Original »
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, indicating active exploitation. These vulnerabilities, primarily affecting D-Link devices, pose significant risks to federal networks and are part of ongoing efforts to enhance cybersecurity measures. Read Original »
CISA Releases Two Industrial Control Systems Advisories
CISA has released two advisories addressing security vulnerabilities in Industrial Control Systems (ICS). These advisories highlight issues related to Mitsubishi Electric Iconics Digital Solutions and Tigo Energy Cloud Connect Advanced. Read Original »
Mitsubishi Electric Iconics Digital Solutions Multiple Products
Mitsubishi Electric Iconics Digital Solutions has identified a vulnerability in their ICONICS Product Suite and MC Works64, which allows for information tampering through Windows Shortcut Following. Users are advised to upgrade to the latest version to mitigate this risk. Read Original »
Tigo Energy Cloud Connect Advanced
Tigo Energy's Cloud Connect Advanced device has multiple critical vulnerabilities, including hard-coded credentials, command injection, and predictable session ID generation, which could allow unauthorized access and control over solar energy systems. These vulnerabilities pose significant risks, including data exposure and service disruptions. Read Original »
Black Hat USA 2025 – Summary of Vendor Announcements (Part 1)
The article discusses the various companies that are presenting their products and services at the Black Hat USA 2025 conference in Las Vegas. It serves as a summary of the vendor announcements made during the event. Read Original »
Vibe Coding: When Everyone’s a Developer, Who Secures the Code?
The rise of AI in software development has democratized coding, allowing non-developers to create applications rapidly. This shift presents significant security challenges for teams tasked with protecting code that may not adhere to traditional development standards. Read Original »
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
The article highlights the critical distinction between 'misconfiguration' and 'vulnerability' in SaaS security discussions, emphasizing that conflating the two can lead to significant security risks. This misunderstanding points to a broader issue within the shared responsibility model in SaaS environments. Read Original »
Approov Raises $6.7 Million for Mobile App Security
Approov has successfully secured $6.7 million in Series A funding aimed at enhancing its mobile application and API security solutions. This investment will help the company advance its offerings in the cybersecurity space. Read Original »
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
SOC teams are overwhelmed by alerts despite investing heavily in security tools, leading to false positives and missed threats. Top CISOs suggest that the solution lies not in adding more tools but in enhancing the speed and visibility for analysts to effectively identify real attacks. Read Original »
Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability
The August 2025 security update for Android addresses a vulnerability in the Adreno GPU that was confirmed to be exploited as of June. This update aims to enhance security by patching the identified weakness. Read Original »
Microsoft Offers $5 Million at Zero Day Quest Hacking Contest
Microsoft is hosting the Zero Day Quest competition in spring 2026, offering a total of $5 million in rewards for research that uncovers significant security vulnerabilities in cloud and AI technologies. This initiative aims to enhance security measures in these critical areas. Read Original »
SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation
SonicWall is investigating a potential zero-day vulnerability in its firewalls that may be exploited by threat actors in a new wave of ransomware attacks. This situation highlights the increasing exploitation of firewall vulnerabilities in the cybersecurity landscape. Read Original »
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Cybersecurity researchers have uncovered a malicious campaign targeting TikTok Shop users that aims to steal credentials and distribute malware. The attackers are using a combination of phishing and trojanized apps to exploit the platform. Read Original »