- The 5 Golden Rules of Safe AI Adoptionby info@thehackernews.com (The Hacker News) on 27/08/2025 at 11:30
Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don’t want to slow AI adoption down, but you must make it safe. A policy sent company-wide will not cut it.
- Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Databy info@thehackernews.com (The Hacker News) on 27/08/2025 at 09:39
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395. "Beginning as early as
- Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infraby info@thehackernews.com (The Hacker News) on 27/08/2025 at 09:28
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under
- Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775by info@thehackernews.com (The Hacker News) on 26/08/2025 at 17:29
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in question are listed below - CVE-2025-7775 (CVSS score: 9.2) - Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service CVE-2025-7776 (CVSS score: 8.8) - Memory overflow
- New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Stationby info@thehackernews.com (The Hacker News) on 26/08/2025 at 17:23
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software toolkit named Sni5Gect (short for "Sniffing 5G Inject") that's