Latest news as of 9/20/2025, 8:57:42 PM
Bleeping Computer
Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. [...]
Bleeping Computer
An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. [...]
The Hacker News
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, CastleRAT's core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell," Recorded Future Insikt Group
Graham Cluley
Parents are being reminded to exercise caution about the toys that they purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker. Read more in my article on the Hot for Security blog.
Graham Cluley
A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia's state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia's invasion of Ukraine, crippled the company's operations and cost millions of euros in damages. Read more in my article on the Exponential-e blog.
Bleeping Computer
Microsoft announced that starting this Thursday, all college students in the United States can get a free year of Microsoft 365 Personal. [...]
Bleeping Computer
Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations, streamlined governance, and built-in compliance. [...]
Dark Reading
Programs like student-run SOCs can expand our cybersecurity workforce and better secure our public and private entities for when, not if, cyberattacks occur.
Bleeping Computer
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. [...]
The Hacker News
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module