Shortly after the May 2025 rollout of 107 Copilot Agents in Microsoft 365 tenants, security specialists discovered that the “Data Access” restriction meant to block agent availability is being ignored. Key Takeaways1. The “NoUsersCanAccessAgent” policy is bypassed, leaving some Copilot…
Category: Cyber Security News
NIST Publish ‘Lightweight Cryptography’ Standard To Protect IoT Devices
The National Institute of Standards and Technology (NIST) has officially released NIST Special Publication 800-232, establishing the Ascon family of algorithms as the new standard for lightweight cryptography designed specifically for resource-constrained devices. Published in August 2025, this groundbreaking standard…
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete system compromise. The vulnerability, tracked as CVE-2025-26496 with a CVSS score of 9.6, affects multiple versions of both Tableau Server…
New macOS Installer Promising Lightning-fast Data Exfiltration Advertised on Dark Web
A newly discovered macOS stealer, dubbed Mac.c, has surfaced on darknet forums, offering lightning-fast data exfiltration for just $1,500 per month. Developed by the threat actor “mentalpositive,” Mac.c is advertised as a streamlined alternative to the established AMOS stealer, targeting…
Happy Birthday Linux! Powering Numerous Devices Across the Globe for 34 Years
On August 25, 2025, the world celebrates the 34th anniversary of Linux, marking one of the most significant milestones in computing history. What began as a humble hobby project by a 21-year-old Finnish student has evolved into the backbone of…
KorPlug Malware Unmasked – TTPs, Control Flow, IOCs Exposed
A sophisticated malware strain known as KorPlug has emerged as a significant threat in the cybersecurity landscape, employing advanced obfuscation techniques to evade detection and complicate analysis efforts. This malware represents a particularly concerning development due to its implementation of…
Hackers Leverage SendGrid in Recent Attack to Harvest Login Credentials
A sophisticated credential harvesting campaign has emerged, exploiting the trusted reputation of SendGrid to deliver phishing emails that successfully bypass traditional email security gateways. The attack leverages SendGrid’s legitimate cloud-based email service platform to create authentic-looking communications that target unsuspecting…
PoC Exploit & Vulnerability Analysis Released for Apple 0-Day RCE Vulnerability
A detailed proof-of-concept exploit and comprehensive vulnerability analysis have been released for CVE-2025-43300, a critical zero-click remote code execution flaw affecting Apple’s image processing infrastructure. The vulnerability, discovered in Apple’s implementation of JPEG Lossless Decompression within the RawCamera.bundle, allows attackers…
New Microsoft 365 Admin Feature Let Admins Control Link Creation Policies
Microsoft is rolling out a significant new administrative control feature in mid-September 2025 that will enable IT administrators to manage organization-wide sharing permissions for user-built Copilot agents. The feature addresses growing enterprise concerns about governance and security in AI agent…
Top 15 Best Security Incident Response Tools In 2025
Incident response Tools or incident management software are essential security solutions to protect businesses and enterprises from cyber attacks. Our reliance on the internet is growing, and so make a threat to businesses, despite increased investments and expertise in cyber…