enterprise security
-
Grafana patches CVSS 10.0 SCIM flaw that could allow impersonation
Grafana released updates to fix CVE-2025-41115, a CVSS 10.0 vulnerability in its SCIM provisioning component that could allow privilege escalation or user impersonation when specific configuration options are enabled; affected Enterprise versions and fixed releases were listed and users are urged to apply patches.
-
Backdoor.Win32.Buterat Targets Government and Enterprise Networks, Researchers Say
A new analysis from Point Wild details Buterat, a long-running backdoor that targets government and enterprise networks. The malware uses thread manipulation and encrypted C2 channels to avoid detection and maintain persistence, with defenders urged to strengthen endpoints and employee training.
-
High-severity authentication bypass patched in Passwordstate credential manager, vendor says
Click Studios has released a patch for Passwordstate to fix a high-severity authentication bypass vulnerability that could allow attackers to access the emergency access page and the admin area. The vulnerability affects Passwordstate deployments used by thousands of customers and security professionals, with a CVE identifier not yet assigned. The company has published a forum…
-
Workday says data breach tied to Salesforce-related social engineering campaign, broader breach wave observed
Workday disclosed a data breach after attackers gained access to a third-party CRM platform via a social engineering campaign. While customer tenants were not affected, some business contact information was exposed. The incident appears linked to a broader Salesforce data-theft campaign attributed to the ShinyHunters group, with Workday noting the discovery on August 6.
-
Increase in Government-Backed Zero-Day Hacks Targeting Enterprises Revealed
A recent report highlights a disturbing rise in government-backed zero-day hacks targeting enterprise systems, with the largest share of vulnerabilities aimed at significant corporations such as Microsoft and Google. Experts urge enterprises to improve security measures as attacks are expected to increase.
