September 26, 2025

Cyber threat-sharing law set to shut down, along with US government

Act passed in 2015 is due to lapse unless a continuing resolution passes - and that's unlikely Barring a last-minute deal, the US federal government would shut down on Wednesday, October 1, and the 2015 Cybersecurity Information Sharing Act would lapse at the same time, threatening what many…

Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects

Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while continuing to target developers.…

Salesforce facing multiple lawsuits after Salesloft breach

CRM giant denies security shortcomings as claims allege stolen data used for ID theft Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.…

‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug

Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.…

LockBit’s new variant is ‘most dangerous yet,’ hitting Windows, Linux and VMware ESXi

Operation Cronos didn’t kill LockBit – it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments. …

Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales

More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that…

Copyright © 2026 Lugapel