Cybersecurity

Multiple local authorities in London are dealing with a serious cybersecurity incident, it has recently emerged. The Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC) issued a statement saying they are responding to an incident identified on Monday morning. The incident has impacted several systems of both organizations, including telephone lines. Both entities have notified the UK Information Commissioner’s Office (ICO) and are collaborating with the National Cyber ​​Security Center (NCSC) for the response to the incident. ...

Critical Bug Discovery in Fluent Bit Cybersecurity researchers have discovered a set of critical vulnerabilities affecting Fluent Bit, a widely used telemetry agent with more than 15 billion deployments. These flaws highlight weaknesses in essential components that organizations use to move logs, metrics and traces across banking, cloud and software-as-a-service (SaaS) platforms. According to an advisory from Oligo Security, the flexibility of Fluent Bit can become a significant risk if data sanitization fails. The problems identified lie in input handling, label processing and output management. ...

New research from CrowdStrike has revealed that the artificial intelligence (AI) reasoning model DeepSeek-R1 produces a significantly higher number of security vulnerabilities in response to requests containing topics considered politically sensitive by China. The study, which assessed the impact of geopolitical biases on the quality of AI-generated code, found that the likelihood of DeepSeek-R1 generating code with serious vulnerabilities increases by up to 50% when including “topics that the Chinese Communist Party (CCP) is likely to consider politically sensitive.” ...

Security researchers at Oligo Security have discovered five vulnerabilities in Fluent Bit, a lightweight, open-source telemetry agent, that could be chained together to compromise and take control of cloud infrastructures. Fluent Bit is widely used in enterprise environments, and successful exploitation of these flaws could allow attackers to disrupt cloud services, manipulate data, and delve into Kubernetes and cloud infrastructures. Details of Vulnerabilities The identified security flaws allow attackers to bypass authentication, perform path traversal, achieve remote code execution (RCE), cause denial of service (DoS) conditions, and manipulate tags. The five vulnerabilities are detailed below: ...

Security Alert: Iberia Airlines Reports Customer Data Breach Iberia Airlines, part of the International Airlines Group (IAG) along with British Airways and Aer Lingus, has notified its customers about a security incident that compromised personal information. The data breach originated through an Iberia supplier, underscoring the inherent risks to supply chain security. The airline began sending notifications to customers over the weekend, revealing that the incident involved unauthorized access to a supplier’s systems. ...

Multiple security companies have warned of a second wave of attacks affecting the npm registry, reminiscent of the Shai-Hulud attack of September 2025. This new campaign, called Sha1-Hulud, has compromised hundreds of npm packages between November 21 and 23, 2025. According to Wiz researchers, the new variant of the attack executes malicious code during the preinstall phase, significantly increasing exposure in build and runtime environments. The Evolution of the Sha1-Hulud Attack The Sha1-Hulud attack shares similarities with the previous wave, which also posted stolen secrets on GitHub under the description “Sha1-Hulud: The Second Coming.” The previous wave was characterized by compromising legitimate packages to search for secrets on developer machines using the TruffleHog credential scanner and propagate in a self-replicating manner. ...

A new command and control (C2) platform called Matrix Push C2 is being used by cybercriminals to distribute malware, taking advantage of a legitimate feature of web browsers: push notifications. According to a report by BlackFrog, this malicious platform tricks users with fake system notifications, redirects them to malicious websites, monitors victims in real time, and scans for cryptocurrency wallets. How Does the Matrix Push C2 Attack Work? Matrix Push C2 abuses the browser’s push notification system to create a C2 communication channel. The attack process takes place in several stages: ...

 Security Alert for Unusual Activity in Gainsight Apps Salesforce has issued a warning about detecting “unusual activity” related to apps published by Gainsight and connected to its platform. The company’s investigation suggests that this activity may have allowed unauthorized access to data of certain Salesforce customers through the third-party application connection. In response to the incident, Salesforce has taken preventive measures: Token Revocation: All active access and refresh tokens associated with Gainsight applications have been revoked. Platform Removal: Gainsight apps have been temporarily removed from the AppExchange while the investigation continues. Salesforce has notified affected customers, although it has not revealed the total number of victims. The company emphasized that “there is no indication that this issue resulted from any vulnerability in the Salesforce platform,” stating that the activity appears to be related to the “external application connection” to Salesforce. ...

Alarming Increase in Supply Chain Gaps According to BlueVoyant’s annual State of Supply Chain Defense: Annual Global Insights Report 2025, an overwhelming majority of organizations (97%) have been negatively impacted by a supply chain breach. This data represents a significant increase compared to the 81% recorded in 2024, pointing out the growing vulnerability of companies to third-party risks. Increasing Maturity in Third Party Risk Management (TPRM) Despite the worrying outlook, the report highlights that organizations are intensifying their efforts to prevent, mitigate and resolve supply chain incidents more effectively. ...

Potentially Historic Massive Data Leak Austrian researchers have revealed a mass enumeration vulnerability in WhatsApp that allowed the extraction of 3.5 billion user phone numbers. This finding highlights a security flaw in the app’s “contact discovery” feature, which, lacking strict rate limiting, allowed researchers to scrape a large portion of WhatsApp’s user base. The method exploited by the researchers is based on how WhatsApp makes it easy to add contacts: when you enter a phone number, the platform instantly checks whether that number is registered and often displays the profile photo and associated name. By repeating this process billions of times using the browser-based WhatsApp app, researchers were able to collect phone numbers of almost all WhatsApp users in the world. ...