Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware
Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE).
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens
Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted.
EU fines Google nearly €3bn for ‘abusing’ dominant position in ad tech
Regulators ordered the tech giant to end ‘self-preferencing practices’ in advertising services but declined to force saleEuropean Union regulators on Friday hit Google with a €2.95bn ($3.5bn) fine for breaching the bloc’s competition rules by favoring …
EU fines Google nearly €3bn for ‘abusing’ dominant position in ad tech
Regulators ordered the tech giant to end ‘self-preferencing practices’ in advertising services but declined to force saleEuropean Union regulators on Friday hit Google with a €2.95bn ($3.5bn) fine for breaching the bloc’s competition rules by favoring …
France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules
France’s data watchdog fined Google $379M (€325 million) and Shein $175M (€150 million) for breaching cookie rules. The French data watchdog, the National Commission on Informatics and Liberty (CNIL), fined Google $379 million (€325 million) and Shein $175 million (€150 million) for violating cookie rules. “The two fines imposed on GOOGLE and SHEIN by the restricted committee – the CNIL […]
September 2025 Patch Tuesday forecast: The CVE matrix
We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE desig…
Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms
A new security vulnerability called ‘Model Namespace Reuse’ allows attackers to hijack AI models on Google, Microsoft, and…
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the …
Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak
Scattered Lapsus$ Hunters threaten Google, demanding that two security experts, Austin Larsen of Google’s Threat Intelligence Group and Charles Carmakal of Mandiant, be fired or they will leak alleged stolen Google data.
Google Alerts to Active Exploitation of Sitecore Zero-Day Flaw
Security teams have issued a warning after Google researchers detected active attacks exploiting a new zero-day vulnerability in Sitecore products. Tracked as CVE-2025-53690, this flaw allows attackers to run code on unpatched servers by tampering with…