Category: Uncategorized
-
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery [email protected] (The Hacker News)
New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse. First disclosed byRead…
-
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC [email protected] (The Hacker News)
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control…
-
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure [email protected] (The Hacker News)
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for JanuaryRead…
-
Authorization sprawl: Attacking modern access models
Attackers exploit authorization sprawl by using legitimate credentials and SSO tokens to move between systems, bypassing security controls and deploying ransomware undetected.Read More
-
Ransomware threat actors today and how to thwart them
Top experts convened on BrightTALK’s ‘CISO Insights’ to discuss ‘Ransomware 3.0’ — the current threat and what organizations, large and small, must do to thwart these bad actors.Read More
-
6 edge monitoring best practices in the cloud
When it comes to application monitoring, edge workloads are outliers — literally and metaphorically. Learn what sets them apart and how to implement monitoring best practices.Read More
-
Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games [email protected] (The Hacker News)
Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation “carried out…
-
Beware the Hidden Risk in Your Entra Environment [email protected] (The Hacker News)
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. All the guest…
-
What is single sign-on (SSO)?
Single sign-on (SSO) is a session and user authentication service that lets users access multiple applications or systems with a single set of login credentials.Read More
-
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use, AI-driven attacks and vulnerable enterprise technologies are among the security risks faced in remote work environments.Read More