Cisco discloses data breach affecting cisco.com accounts. Basic profile details were leaked through a vishing attack.
Posted inCybersecurity News

Cisco discloses data breach affecting cisco.com accounts. Basic profile details were leaked through a vishing attack.

Cisco has disclosed a data breach affecting Cisco.com user accounts, revealing that unauthorized actors gained access to basic profile information following a sophisticated voice phishing (vishing) attack. The breach was discovered on July 24, 2025, after cybercriminals deceived a Cisco representative and obtained credentials that allowed them to access a third-party cloud-based Customer Relationship Management (CRM) system used by the company.
Microsoft’s Zero Day Quest hacking contest booty increased to $5 million.
Posted inCybersecurity News

Microsoft’s Zero Day Quest hacking contest booty increased to $5 million.

Microsoft has raised the stakes for its flagship security competition, announcing that the prize pool for the 2025 Zero Day Quest hacking contest will be increased to $5 million. This represents the largest reward the company has ever offered for a public security research event, surpassing last year’s total by $1 million. The move underscores Microsoft’s commitment to attracting top security talent and driving innovation in vulnerability research.
Discord’s CDN exploited to deliver a Remote Access Trojan (RAT) disguised as a legitimate OneDrive file.
Posted inCybersecurity News

Discord’s CDN exploited to deliver a Remote Access Trojan (RAT) disguised as a legitimate OneDrive file.

A recent cybersecurity investigation has revealed a sophisticated phishing campaign leveraging Discord’s Content Delivery Network (CDN) to distribute Remote Access Trojan (RAT) malware disguised as legitimate Microsoft OneDrive files. This campaign primarily targets Microsoft 365 users and underscores the evolving tactics employed by cybercriminals to bypass conventional security measures.
D4rk4rmy claims responsibility for cyberattack against Monte-Carlo Société des Bains de Mer (SBM), operator of luxury hotels, casinos, and entertainment venues.
Posted inCybersecurity News

D4rk4rmy claims responsibility for cyberattack against Monte-Carlo Société des Bains de Mer (SBM), operator of luxury hotels, casinos, and entertainment venues.

The cybercrime collective known as D4rk4rmy has asserted responsibility for a significant cyberattack against Monte-Carlo Société des Bains de Mer (SBM), Monaco’s renowned operator of luxury hotels, casinos, and entertainment venues. SBM, founded in 1863, is the backbone of Monaco’s reputation for elegance and exclusivity.
Chanel targeted in a wave of Salesforce data theft attacks.
Posted inCybersecurity News

Chanel targeted in a wave of Salesforce data theft attacks.

French luxury fashion house Chanel has become the latest high-profile victim in a series of data thefts targeting companies that use Salesforce, one of the world’s leading cloud-based customer relationship management platforms. The breach at Chanel was first detected on July 25, 2025, and has raised significant concerns about the security of sensitive customer data in the fashion and retail sector.
DHS, CISA, and FEMA announce over $100 million in funding for cybersecurity infrastructure improvements.
Posted inCybersecurity News

DHS, CISA, and FEMA announce over $100 million in funding for cybersecurity infrastructure improvements.

he United States Department of Homeland Security (DHS), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA), has announced more than $100 million in new funding dedicated to strengthening the cybersecurity infrastructure of state, local, and tribal governments.
Bitdefender urges immediate firmware update for Dahua cameras after discovering critical vulnerabilities.
Posted inCybersecurity News

Bitdefender urges immediate firmware update for Dahua cameras after discovering critical vulnerabilities.

Bitdefender has issued an urgent advisory to owners of Dahua security cameras, highlighting the need for immediate firmware updates following the discovery of two high-severity vulnerabilities. These flaws—tracked as CVE-2025-31700 and CVE-2025-31701, each with a CVSS severity score of 8.1—could enable unauthenticated attackers to gain full remote control over affected devices.
LegalPwn exploits AI models by using legitimate legal language to trick them into misclassifying malicious software as safe code.
Posted inCybersecurity News

LegalPwn exploits AI models by using legitimate legal language to trick them into misclassifying malicious software as safe code.

The novel “LegalPwn” attack, developed by researchers at Pangea Labs, demonstrates how attackers can trick artificial intelligence models like ChatGPT, Google Gemini, GitHub Copilot, Meta’s Llama, and xAI’s Grok into misclassifying malicious software as safe code by cleverly disguising it within seemingly legitimate legal language.