A critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk. The flaw, now reportedly fixed, uncovered […]
Author: cyberbytes
First-ever zero-click attack targets Microsoft 365 Copilot
Imagine an attack so stealthy it requires no clicks, no downloads, no warning – just an email sitting in your inbox. This is EchoLeak, a […]
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation […]
Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject […]
137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor
SoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal information on 4,517,039 customers had been leaked through two separate cases […]
CSO Awards 2025 showcase world-class security strategies
For more than a decade, the CSO Awards have recognized security projects that demonstrate outstanding thought leadership and business value. The award is an acknowledged mark […]
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI […]
Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity
Microsoft has addressed multiple critical issues affecting Windows Server 2025 domain controllers through its June 2025 Patch Tuesday updates, resolving authentication failures and network connectivity […]
Phishing sites posing as DeepSeek downloads drop a proxy backdoor
Kaspersky is warning LLM users of a new malicious campaign distributing a previously unknown malware, dubbed “BrowserVenom,” through a fake DeepSeek-R1 environment installer. According to […]
Command Injection Flaw in Palo Alto PAN-OS Allows Root-Level Code Execution
A newly disclosed command injection vulnerability (CVE-2025-4230) in Palo Alto Networks PAN-OS software enables authenticated administrators to bypass restrictions and execute arbitrary commands with root […]