CVE-2026-2584 SQL Injection in Ciser System SL firmware
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...
Do we still have to keep doing it like this?
Welcome to the first edition of the Threat Source newsletter for 2025. Upon returning to work this week from my Lindt chocolate reindeer coma, my first task was to write this newsletter. As I stared at a blank template hoping for inspiration to suddenly strike, I did what any security professiona...
GHSA-MGFG-7533-7JF6 ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
Impact: This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...
Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutel...
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. "The threat actor downloaded the names and email addresses of all Okta customer support system users," the company sa...
T-Mobile agrees to pay customers $350 million in settlement over data breach
T-Mobile has agreed to pay $350 million to settle class action claims related to a 2021 cyberattack which impacted around 80 million US residents. Under the proposed settlement, T-Mobile would also commit to an aggregate incremental spend of $150 million for data security and related technology i...
Gigabyte Allegedly Hit by AvosLocker Ransomware
The AvosLocker ransomware gang is claiming that it breached tech giant Gigabyte and has leaked a sample of what it claims are files stolen from the Taiwanese company’s network. It’s offering to sell the rest. On Wednesday, the gang posted a “press release” announcing that it had purportedly gutte...
Empowering T-Mobile Consumers
Here's how the T-Mobile breach may affect you, and what you can do to protect your data...
Reddit: XSS
Hi security team, I have found an XSS in old.reddit.com and in reddit.com. Description: Cross-site scripting, also known as XSS, is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the...
How far have we come? The evolution of securing identities
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned,...
T-Mobile Faces Yet Another Data Breach
T-Mobile USA has reported a data breach – its fourth in three years. The wireless carrier disclosed the breach last week via its website, saying that it detected and shut down “malicious, unauthorized access to some information” related to T-Mobile accounts. Specifically, that data consisted of...
OnePlus Suffers New Data Breach Impacting Its Online Store Customers
Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website. The breach came to light after OnePlus started informing affected customers via...
Beers with Talos EP 43: Espionage, Encryption, and CISO Square One
Beers with Talos (BWT) Podcast Ep. 43 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 43 show notes: Recorded Dec. 7, 2018. Several of us are under the weather, but the show must go on. We did our best, as alway...
Boys Town Healthcare Data Breach Exposed Personal Details of Patients
Another day, another data breach! This time, sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital. According to the U.S...
Excerpts from Building a High Speed SOC: Introduction
Carbon Black recently published an in-depth guide on what it takes to develop a "high speed" security operations center, or SOC; this is an excerpt from that guide, which you can find here. For more information on building high speed SOCs, including how to eliminate the "response gap," check out...
Equifax Breach – an Example of Good Communications
Equifax announced a massive breach that could impact at least 143 million US consumers. That’s 44 percent of the US population. This breach will have a significant impact on a lot of people. Companies in the financial sector take cybersecurity very seriously. Part of that work is accepting the...
Data Breaches Feed Password Reuse Crimes: No Simple Fixes
It was June 2012 when Dale Meredith was shopping online for a BBQ grill for Father’s Day and found one at Sears.com. The only snag: he had to create a username and password to buy it. That irked him. He was annoyed because it was literally the hundredth-plus service, including his local newspaper,...
Census Bureau Says Breach Didn't Compromise Sensitive Data
Officials at the United States Census Bureau say that the attackers who compromised one of the bureau’s databases last week did not get access to any confidential information, but only data such as names and phone numbers of organizations that submit information to the Federal Audit Clearinghouse...
German software developer Ashampoo Hit by Data Breach!
German software developer Ashampoo has notified its customers about a data breach incident that resulted in the exposure of their names and email addresses. According to an announcement posted on the company's website, unidentified hackers...