Latest Intelligence
Canadian Electric Utility Lists Customer Information Stolen by Hackers
Nova Scotia Power has reported a cyberattack that resulted in the theft of a variety of personal and financial information from its customers. This incident highlights the ongoing risks that electric utilities face from cyber threats, emphasizing the need for robust cybersecurity measures.
Australian Human Rights Commission Discloses Data Breach
The Australian Human Rights Commission has reported an inadvertent exposure of data submitted through its website's complaint form. This breach raises significant concerns about the handling of sensitive information by public institutions.
Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’
Google has released a Chrome 136 update to address a high-severity vulnerability that is currently being exploited publicly. This update is significant as it helps protect users from potential attacks leveraging this flaw.
Operation RoundPress
ESET researchers have identified a Russia-aligned espionage operation that exploits XSS vulnerabilities to target webmail servers. This operation highlights the ongoing threat to webmail services and the need for enhanced security measures to protect sensitive communications.
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Google has released updates for Chrome to address four security issues, including a high-severity vulnerability (CVE-2025-4664) that is actively being exploited. This vulnerability involves insufficient policy enforcement in a component known as Loader, which could lead to cross-origin data leaks.
Infosec Layoffs Aren't the Bargain That Boards May Think
The article discusses how layoffs in the information security sector may seem like a cost-saving measure for boards, but they come with significant hidden costs, such as increased insider threats and weakened cybersecurity defenses. These factors can ultimately give skilled adversaries an advantage, highlighting the importance of maintaining robust security teams.
AI Agents May Have a Memory Problem
A study by Princeton University and Sentient reveals that AI agents can be easily manipulated into exhibiting harmful behavior by introducing false 'memories' into their decision-making data. This raises significant concerns about the reliability and security of AI systems in various applications.
Using a Calculator to Take Guesswork Out of Measuring Cyber Risk
Organizations struggle with the complexity of accurately measuring their cyber risk due to various influencing factors. Resilience's risk calculator tool offers a solution by allowing organizations to assess their cyber risk based on their specific variables, enabling them to make better-informed security decisions.
Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack
Ivanti has reported that zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) have been exploited in a limited number of cases. These vulnerabilities are linked to open source libraries and pose significant risks to affected customers.
Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware
Google has introduced an 'Advanced Protection' mode for Android to enhance security for high-risk users against sophisticated mobile malware. This feature consolidates multiple protective measures into a single toggle, addressing the growing threat of surveillance spyware.
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Samsung has patched a critical security vulnerability, CVE-2025-4632, in MagicINFO 9 Server that could allow attackers to exploit a path traversal flaw. This vulnerability has a high CVSS score of 9.8 and has been actively exploited in the wild, highlighting significant risks for affected users.
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
The BianLian and RansomExx cybercrime groups are exploiting a recently disclosed security vulnerability in SAP NetWeaver, highlighting the growing threat posed by multiple actors taking advantage of this flaw. This situation underscores the urgency for organizations to address the vulnerability to protect their systems from potential breaches.
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
The Xinbi Guarantee marketplace, operating on Telegram, has been linked to over $8.4 billion in illicit transactions since 2022, primarily involving technology, personal data, and money laundering activities. This revelation highlights the significant role such platforms play in facilitating cybercrime and raises concerns about security in digital transactions.
Is AI Use in the Workplace Out of Control?
The article discusses the increasing integration of AI tools in the workplace and suggests that attempting to ban these technologies is ineffective. It highlights the growing reliance on AI across various software as a service (SaaS) platforms, indicating that AI's presence is becoming ubiquitous in modern work environments.
Marks & Spencer Confirms Customer Data Stolen in Cyberattack
Marks & Spencer has confirmed that customer data was stolen during a cyberattack last month, although no account passwords were compromised. As a precautionary measure, the company will require customers to reset their passwords for added security.