Critical Flaws in Veeder‑Root TLS4B Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious advisory regarding two critical vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge (ATG) system, widely used in fuel-storage and monitoring operations. These flaws present a major threat to operational technology (OT) environments, especially within the energy and utilities sectors where availability, integrity and safety are […]
BreachForums Rising

The notorious cybercrime forum BreachForums has re-emerged on a clearnet domain, making it accessible without specialized tools like Tor. Originally taken offline following multiple law-enforcement actions, the platform once again enables the trading of stolen credentials, ransomware discussions, and zero-day exploit exchanges. What's happened: The forum's administrator (alias "koko") announced that the site was restored […]
Critical Flaws in Dell Storage Manager

Dell Technologies has disclosed multiple high-severity vulnerabilities in its Storage Manager (DSM) software, affecting versions 20.1.21 and earlier. These flaws include an authentication bypass, missing authentication, and an XML external entity (XXE) issue, which together expose storage environments to full compromise if left unpatched. Vulnerability Highlights: CVE-2025-43995 (CVSS 9.8) – Improper authentication in the DSM Data […]
ChatGPT Atlas Vulnerability

A new security concern has surfaced around ChatGPT Atlas, a macOS browser that enables access to OpenAI's ChatGPT models. Researchers have revealed that OAuth tokens, used for authenticating users, were stored in plain text inside a local SQLite database. This flaw could allow attackers or malicious local processes to hijack user accounts and access private conversations, API […]
WhatsApp Zero-Click Flaw

At Pwn2Own Ireland 2025, researchers discovered a potential zero-click remote code execution vulnerability affecting WhatsApp. The research team chose to withdraw their on-stage demonstration and instead privately disclose the issue to Meta through a coordinated process designed to give the vendor time to investigate and patch. The decision prioritizes responsible disclosure and reduces the chance […]
Jira Software Vulnerability

A high-severity path traversal vulnerability (CVE-2025-22167) affecting Jira Software Data Center and Server has been disclosed. The flaw allows authenticated users (with low privilege) to write files to any path on the host that the JVM process can access, posing serious risks of tampering, remote code execution or data corruption. What the Vulnerability Does: The […]
Magento Stores Hit by Active RCE Exploit

Security researchers identified SessionReaper as an improper input validation / nested deserialization weakness in the Commerce REST API that allows unauthenticated actors to take over sessions and execute code. Proofs of concept and working exploit tools have proliferated, and automated scanning is finding thousands of vulnerable instances. Industry telemetry shows large-scale attack attempts, webshell drops, […]
Hackers Exploit ASP.NET

Cybersecurity researchers have uncovered a large-scale attack campaign where hackers are abusing ASP.NET machine keys to compromise Microsoft Internet Information Services (IIS) servers. This new wave of intrusions, attributed to the threat group REF3927, leverages publicly exposed or leaked machine keys to generate malicious ViewState payloads capable of remote code execution. The ongoing exploitation underscores […]
GlassWorm: Invisible Code, Visible Damage

A new, highly sophisticated worm called GlassWorm is spreading through Visual Studio Code extensions on OpenVSX and other registries, and it is changing the rules for supply-chain security. Researchers at Koi Security first flagged the campaign after seeing extensions behave normally in code reviews but perform malicious actions at runtime. The worm uses invisible Unicode […]
Assault on AI Assistants

A newly discovered vulnerability in Microsoft 365 Copilot allows attackers to extract sensitive tenant data, such as recent emails, via an indirect prompt injection attack embedded within everyday Office documents. This incident highlights the growing complexity of securing AI-powered systems and the urgent need to treat them like any other enterprise attack surface. How the Attack Works: […]