Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. […] Go to Source Author: Bill Toulas
Author Archives: Onsite Computing, Inc.
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. “The vulnerability we discovered was remarkably simple to exploit — by providing only a non-secret app_id value to undocumented registration and email verification endpoints, an attacker […]
Microsoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI). […] Go to Source Author: Sergiu Gatlan
Orange, a French telecommunications company and one of the world’s largest telecom operators, revealed that it detected a breached system on its network on Friday. […] Go to Source Author: Sergiu Gatlan
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the […]
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44. Go to Source Author: Jai Vijayan, Contributing Writer
With the right IGA tools, governance policies, and risk thresholds, enterprises can continuously detect and act on rogue access before attackers do. Go to Source Author: Durgaprasad Balakrishnan
FBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. […] Go to Source Author: Bill Toulas
Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. […] Go to Source Author: Sponsored by Push Security
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double […]