Critical Redis Vulnerability

A recently discovered use-after-free vulnerability in Redis (CVE-2025-49844) has raised significant concerns among cybersecurity professionals. This flaw, affecting all Redis versions with Lua scripting enabled, allows authenticated users to execute arbitrary code remotely, potentially compromising the entire Redis instance and its underlying system. Vulnerability Overview: The issue arises from how Redis handles memory management within […]

Revolutionizing Penetration Testing with AI

The latest release of Kali Linux 2025.3 introduces a groundbreaking tool for cybersecurity professionals: the Gemini Command-Line Interface (CLI). This open-source package seamlessly integrates Google’s powerful Gemini AI directly into the terminal, offering penetration testers and security experts an intelligent assistant designed to streamline and automate complex security workflows. Transforming Penetration Testing Workflows: Traditionally, penetration […]

Palo Alto Networks Portals

On October 3, 2025, cybersecurity firm GreyNoise reported a significant uptick in scanning activity targeting Palo Alto Networks login portals, marking a nearly 500% increase in unique IP addresses compared to previous observations. This surge, involving approximately 1,300 unique IP addresses, underscores a growing threat landscape where attackers are actively probing network defenses for vulnerabilities. […]

WestJet Breach

Canadian carrier WestJet recently confirmed a data breach that impacted around 1.2 million customers, revealing vulnerabilities even in established, high-visibility industries. While payment data and passwords remained safe, exposed records included names, travel documents, contact details, loyalty program information, and reservation metadata. The Anatomy of the Breach: The intrusion was first detected June 13, 2025, […]

When Giants Stumble

The recent cyberattack on Japan’s Asahi Group Holdings has triggered a production freeze across its domestic operations, exposing once again how even industry leaders remain vulnerable. The breach forced order processing, shipping, and customer support systems offline, and no clear timeline has been communicated for a full recovery. This disruption affected iconic brands like Asahi Super […]

Harrods Suffers Data Breach

Harrods has confirmed that approximately 430,000 customer records were exposed following a breach at a third-party service provider. The compromised data includes names, contact details, postal addresses, and marketing or loyalty labels. Importantly, Harrods states that no payment information or account passwords were accessed, and its internal systems were unaffected. Why This Matters: The breach […]

Cisco ASA Firewalls Targeted

Multiple zero-day vulnerabilities in Cisco ASA (Adaptive Security Appliance) firewalls are currently being exploited by a threat group known as “ArcaneDoor.” The campaign targets ASA 5500-X and FTD devices with VPN web services enabled, using flaws like CVE-2025-20333 and CVE-2025-20362 to execute arbitrary code and access restricted endpoints without authentication. Why This Matters: Firewalls and […]

Apache Airflow Exposed

A significant security flaw has surfaced in Apache Airflow (version 3.0.3), exposing sensitive connection information to users with read-only permissions. This issue highlights how even low-privilege access, when combined with system weaknesses, can lead to serious exposure of internal data. What’s Going On: The vulnerability allows users with restricted privileges to view confidential connection configurations, […]

XCSSET Malware Evolves

Cybersecurity researchers have uncovered a new variant of the XCSSET malware, which is actively exploiting macOS systems. This malware, known for its history of targeting Xcode developers, has evolved with enhanced capabilities, making it even more dangerous for individuals and organizations relying on macOS environments. The latest version of XCSSET leverages malicious AppleScript files to […]

ColdRiver Expands Malware

A new campaign by the threat group ColdRiver (a.k.a. Star Blizzard or SEABORGIUM) is making waves in the cybersecurity landscape. Known for spear-phishing and credential theft, the group has now expanded its toolkit with custom backdoors designed to infiltrate high-value targets. The Campaign in Focus: ColdRiver’s latest activity highlights a shift from traditional credential-harvesting tactics […]