Brutkey

Catalin Cimpanu
@campuscodi@mastodon.social

Cybersecurity reporter for Risky Business

#infosec #cybersecurity #security


Newsletter:
https://risky.biz/newsletters/
Podcast:
https://risky.biz/podcasts/
Catalin Cimpanu
@campuscodi@mastodon.social

This account is now set to delete posts older than a week.


Catalin Cimpanu
@campuscodi@mastodon.social

Sounds about right 🫠🫠

Catalin Cimpanu
@campuscodi@mastodon.social

New N-able zero-days: https://www.cisa.gov/news-events/alerts/2025/08/13/cisa-adds-two-known-exploited-vulnerabilities-catalog

Vendor notes:
https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/

Catalin Cimpanu
@campuscodi@mastodon.social

Recapping Fortinet's spectacular Patch Tuesday:

- bypass auth using serial number:
  https://fortiguard.fortinet.com/psirt/FG-IR-24-042
- forge cookies to bypass auth:
  https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970
- bug with exploit in the wild:
  https://www.fortiguard.com/psirt/FG-IR-25-152

And I thought my day was rough yesterday... sheeeeesh!

Catalin Cimpanu
@campuscodi@mastodon.social

FIRSTCON 2025 videos: https://www.youtube.com/playlist?list=PLBAUUhONOrO81e07ErZclykFgacbncbSZ

VULNCON 2025 videos:
https://www.youtube.com/playlist?list=PLBAUUhONOrO8iOYvs3pAbuzb-A07ZdT9C

Catalin Cimpanu
@campuscodi@mastodon.social

Security researcher Michael Bargury has released the AI Agents Attack Matrix, a database of TTPs used to target GenAI-based systems, copilots, and agents

https://github.com/mbrg/genai-attacks

Catalin Cimpanu
@campuscodi@mastodon.social

Poland's data protection agency has fined McDonald's Poland almost €4 million for leaking employee personal data

This is the second-largest GDPR fine handed out by Polish authorities

https://uodo.gov.pl/pl/138/3827

Catalin Cimpanu
@campuscodi@mastodon.social

ReliaQuest looks at how members of the Scattered Spider and ShinyHunters groups joined forces to hack Salesforce customer accounts and then extort the companies for major paydays.

https://reliaquest.com/blog/threat-spotlight-shinyhunters-data-breach-targets-salesforce-amid-scattered-spider-collaboration/

Catalin Cimpanu
@campuscodi@mastodon.social

Two ransomware gangs have claimed breaches of two major US military contractors.

The World Leaks group claimed L3Harris, while the Play gang claimed an intrusion at Jamco Aerospace.

https://www.cyberdaily.au/security/12489-major-supplier-of-military-and-commercial-aircraft-allegedly-hit-by-play-ransomware

https://www.cyberdaily.au/security/12488-exclusive-world-leaks-ransomware-gang-claims-hack-of-defence-contractor-l3harris-list

Catalin Cimpanu
@campuscodi@mastodon.social

The Heracles attack can leak sensitive data from cloud environments and confidential VMs that rely on AMD SEV-SNP for trusted execution environments (TEEs)

https://heracles-attack.github.io/

Catalin Cimpanu
@campuscodi@mastodon.social

A suspected child predator website named Skibidi Farms was allegedly hacked.

Sorry, I'm not googling for that to confirm.

I'm on enough FBI watchlists already.

https://x.com/bx_on_x/status/1952735669190545773