Spanish fashion retailer MANGO disclosed a data breach after a marketing vendor compromise exposed customer personal information. Mango is a global fashion brand founded in Barcelona in 1984, it has over 2,850 stores in 120 countries and 16,400 employees. In 2024, it reported €3.3 billion in revenue and €219 million in profit. Online sales account […]
Alex Wickham / Bloomberg:
Sources: Chinese state actors compromised UK government servers for at least the last 10 years, routinely accessing low- and medium-level classified information — Chinese state actors systemically and successfully compromised classified UK government computer systems for more than a decade …
Federal Agencies Ordered to Patch or Decommission F5 Devices Amid Imminent RiskAn advanced nation-state threat actor stole sensitive F5 source code and vulnerability data to craft tailored exploits, prompting an emergency directive amid a U.S. government shutdown that has left cyber defenses strained and federal networks at "imminent risk."
Vibe coding may have played a role in what took researchers months to fix Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked with Microsoft to combat an issue that could have led to some nasty supply chain attacks.…
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. [...]
The Payments Giant Is Creating Digital Rails for Secure, AI-Driven CommerceVisa is doubling down on both B2C and B2B agentic AI use cases. Early experiments focus on automating repetitive, trust-sensitive financial tasks, but the company is rapidly expanding into more sophisticated scenarios, positioning itself at the center of the next major shift in global payments.
An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions.
Malfunctioning equipment and manual processing cause 90-minute waits The European Union's new biometric Exit/Entry System (EES) got off to a chaotic start at Prague's international airport, with travelers facing lengthy queues and malfunctioning equipment forcing border staff to process arrivals manually.…
Cybersecurity teams often struggle to test defenses for industrial control systems without risking disruption. A group of researchers from Curtin University has developed a way to make that easier. Their work introduces a container-based framework that lets researchers and practitioners simulate real control system environments and run cyberattacks on them safely. Industrial control systems (ICS) run everything from water treatment plants to power grids. Because they manage physical processes, testing them directly can be risky. … More →
The post A safer way to break industrial systems (on purpose) appeared first on Help Net Security.
Ivanti has disclosed 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could enable remote code execution and privilege escalation, urging customers to apply mitigations while patches remain in development. The announcement comes amid growing scrutiny of enterprise management tools, as attackers increasingly target them for supply chain compromises. Although no […]
The post Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution appeared first on Cyber Security News.