From The Aether
Vane Viper Exposed: The AdTech Hydra Fueling a Decade of Digital Mischief
Vane Viper, a notorious threat actor, has been unmasked as a master of malicious adtech. Known for causing digital chaos, Vane Viper uses a web of shell companies to dodge accountability, while their ad-fraud antics keep cybersecurity experts on their toes. Remember, it’s not just a threat actor hiding behind adtech; it’s an adtech platform…
Cisco’s Firewall Flaws: A Comedy of Errors or Just a Security Nightmare?
Cisco is urging users to patch two zero-day vulnerabilities in its Secure Firewall ASA and FTD software, which are being exploited in the wild. These flaws could allow attackers to bypass authentication and execute malicious code. It’s like leaving your front door open for hackers with a “Welcome” mat!
Cisco’s Patch Predicament: ArcaneDoor Hackers Exploit Zero-Day Vulnerabilities!
CISA has ordered federal agencies to patch Cisco devices exploited by the hacker group ArcaneDoor, also known as Storm-1849. These hackers exploit zero-day vulnerabilities for remote code execution. Agencies must act quickly to avoid becoming the hackers’ next happy little accident.
Co-op’s Cyber Catastrophe: £80 Million Loss and a Data Breach Drama!
The Co-operative Group faced an £80 million operating profit loss due to a cyberattack. The attack not only disrupted systems but also stole personal data of 6.5 million members. Despite the chaos, Co-op managed to maintain liquidity, though they might want to consider investing in a firewall stronger than a wet paper towel.
Cybersecurity Chaos: Stay Ahead or Get Hacked!
In this week’s Threatsday Bulletin, we dive into cybersecurity’s latest drama: fresh exploits, high-profile arrests, and cybercriminals’ newest tricks. Whether you’re defending a global enterprise or just your inbox, it’s a reminder to keep moving fast—because in this game, even your grandma’s Wi-Fi password could be a target.
Why Your Cybersecurity Strategy is Failing: Stop Chasing Ghosts and Focus on What Matters!
Continuous Threat Exposure Management (CTEM) is turning the tables on cybersecurity by focusing on prioritization and validation, not panic. It’s about dodging the false urgency of “critical” alerts and homing in on real threats. Why chase ghosts when you can prove your defenses where it counts?
Cybercriminals Cry as INTERPOL Seizes $439M in Global Crackdown
Operation HAECHI VI just gave cybercriminals a run for their money, literally! With 40 countries teaming up, INTERPOL seized a whopping $439M from global cybercrime rings. So, if you’re thinking about dabbling in cyber mischief, remember: the world is watching, and they’re taking back the loot!
Cisco Firewall Fiasco: CISA’s Emergency Directive to Ditch Zero-Day Drama
CISA has sounded the alarm, ordering federal agencies to patch Cisco firewall flaws under Emergency Directive 25-03. The vulnerabilities, CVE-2025-20333 and CVE-2025-20362, have been exploited in zero-day attacks. Agencies must identify, patch, or disconnect vulnerable devices swiftly to thwart the ArcaneDoor campaign’s attempted network invasions.
HRMCon 2025: Unmasking Cybersecurity Risks, One Human at a Time!
Join HRMCon 2025 in Austin or virtually to tackle the 19% human risk visibility gap. Discover strategies beyond traditional tech, hear from experts, and earn CPE credits. It’s not just another security event; it’s where human risk becomes a managed business function—without giving up your coffee breaks!
Volvo’s Data Breach Drama: Ransomware Attack Shakes Up Employee Security
Volvo North America revealed that employee data took an unauthorized detour following a ransomware attack on its IT provider Miljödata. While Volvo’s own systems stayed intact, the exposed data now enjoys a luxurious stay on the dark web. But don’t worry, Volvo’s offering 18 months of identity protection because nothing says “sorry” like free credit…
Cryptocurrency Heist: Lone None’s Legal Threat Scam Targets Wallets Worldwide!
The Vietnamese hacking group Lone None is turning inboxes into digital booby traps. By disguising malware as legal notices, they aim to swipe cryptocurrency and sensitive data. It’s a cautionary tale: don’t let urgency fool you into clicking. Remember, not every email demanding action is legit—sometimes it’s just phishing in disguise.
Ransomware Rampage: Radiant Group’s Shocking Preschool Data Leak Sparks Outrage
The Radiant Group has outdone itself by targeting Kido International, a preschool organization, in a ransomware attack. These cybercriminals leaked sensitive data on children and parents, setting a new low for moral standards. As Alan Woodward puts it, “You wonder if these people are amoral or just plain evil.”
Cisco’s Firewall Fiasco: Patch or Prepare for Cyber Mayhem!
Cisco is urging customers to patch two zero-day vulnerabilities being actively exploited in their firewall software. One lets remote attackers execute code, while the other allows access to restricted URLs. So, if your firewall’s feeling a little too welcoming, it might be time for a software upgrade.
ForcedLeak Fiasco: How an Expired Domain Almost Turned Salesforce’s Agentforce into a Data Buffet
Prompt injection and an expired domain nearly turned Salesforce’s Agentforce into a data thief’s playground! Researchers at Noma Security discovered the ForcedLeak attack, revealing how mischievous forms could trick AI agents into spilling CRM secrets faster than you can say “data breach.” Thankfully, Salesforce patched it up before things got too wild.
Amazon’s $2.5 Billion Prime Problem: A Dark Pattern Debacle with a Pricey Punchline
Amazon will pay $2.5 billion to settle claims by the U.S. Federal Trade Commission (FTC) that it used dark patterns to trick millions into Prime subscriptions. The settlement includes a $1 billion penalty and $1.5 billion in refunds, ensuring that Amazon’s sneaky subscription tactics become a thing of the past.
ForcedLeak Fallout: Salesforce’s AI Security Blunder Exposes CRM Data Vulnerability
The ForcedLeak vulnerability in Salesforce’s Agentforce is no joke! With a severity score of 9.4, it allowed attackers to steal sensitive CRM data via indirect prompt injection. Thankfully, Salesforce patched it, but it’s a wake-up call for businesses to keep their AI security game strong.
Rusty Heist: Malicious Crates Steal Crypto Keys with Comedic Precision!
Beware of Rust crates faster_log and async_println! These sneaky packages impersonated the popular fast_log crate to swipe cryptocurrency private keys. If you downloaded them, move your digital assets pronto! Always verify publishers’ reputation and scrutinize build instructions to avoid fetching malicious packages.
Oops, We Did It Again: How a Simple Hack Exposed Thousands of Emails
The postmark-mcp backdoor is so simple, it’s like a hacker’s version of a whoopee cushion. Organizations handed over the keys without a second thought. The Koi Security report warns of a systemic vulnerability in the MCP ecosystem, where unchecked tools by unknown developers run amok.
Salesforce ForcedLeak: When AI Gets Outwitted by Sneaky CRM Data Thieves!
The ForcedLeak vulnerability in Salesforce Agentforce lets attackers treat CRM data like a buffet, grabbing sensitive info with indirect prompt injections. Noma Security’s discovery highlighted how AI can accidentally spill secrets. Salesforce patched it, but it’s a wake-up call for companies to guard their AI fortresses better.
Phishy Business: PyPI Users Targeted in Sneaky Credential Scam!
Beware of phishy business! PyPI warns users about a new phishing campaign using sneaky domain confusion tactics to nab credentials. The trick? Fake emails urging you to verify your email or face account suspension. Remember: pypi-mirror.org is not your friend. Stay safe and consider setting up phishing-resistant multi-factor authentication!