Earlier this year, WestJet revealed that some of its passengers were affected by a cyberattack that resulted in the theft of personal information. The WestJet data breach, which took place in June 2025, has now been confirmed to be targeting passenger data. While the airline has confirmed that no credit card show more ...
Fortinet has urgently notified users of a critical OS command injection vulnerability in its FortiSIEM platform, identified as CVE-2025-25256, which is now being actively exploited in the wild. According to Fortinet’s security advisory, the flaw received a CVSS score of 9.8, indicating its extreme severity. What’s show more ...
Microsoft has disclosed a serious vulnerability in its collaboration platform, Microsoft Teams, that could open the door to Remote Code Execution (RCE) attacks. The flaw, tracked as CVE-2025-53783, carries a CVSS score of 7.5 and is categorized as “Important.” The issue arises from a heap-based buffer overflow, show more ...
Adobe has issued a new set of security patches addressing more than 60 vulnerabilities across 13 of its widely used software products. This update, part of the company’s routine Adobe Patch Tuesday cycle, includes critical fixes for applications ranging from Adobe Commerce and Illustrator to its Substance 3D suite. show more ...
Remember the early days of the internet and 419 (aka Nigerian prince) scams promising mountains of gold just for you? That era is thankfully over, but today a new curse is all the rage: messenger phishing. Due to its vast user base, the openness of its API, and support for crypto payments, one particular messenger show more ...
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with show more ...
According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models.
The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.
AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US leaderboard.
The US banned the sale of AI chips to China and then backed off. Now, Chinese sources are calling on NVIDIA to prove its AI chips have no backdoors.
Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.
Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.
The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic targeting the vendor's SSL VPNs.
The U.S. and foreign law enforcement partners seized assets — including cryptocurrency and cash, vehicles, real estate and cryptocurrency mining equipment — valued at over $450 million from the men.
The office of Pennsylvania Attorney General Dave Sunday experienced multiple days of outages related to a cyberattack. He called it "a frustrating situation."
An urgent patch has been released for two bugs affecting the Matrix messaging protocol used by some governments for secure communications.
Researchers observed a threat actor advancing Russian interests by targeting state organizations and an energy supplier in Georgia and Moldova.
New York's attorney general filed a lawsuit accusing the Zelle payment system of not doing enough to fight fraud, echoing allegations that the Biden administration had made against the platform's operator.
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging
The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here’s the uncomfortable truth: Attackers are evolving just as fast. Every leap forward in AI gives bad actors new tools — deepfake scams so real they trick your CFO, bots that can bypass human review,
Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution. The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation. "Untrusted search path in
MedusaLocker, the ransomware-as-a-service group that has been active since 2019 is openly recruiting for penetration testers to help it compromise more businesses. Read more in my article on the Fortra blog.
Source: thehackernews.com – Author: . New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers are warning of a “significant spike” in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses show more ...
Source: thehackernews.com – Author: . An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. “This latest wave of show more ...
Source: thehackernews.com – Author: . A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. “They repeatedly tried to extract the NTDS show more ...
Source: thehackernews.com – Author: . Most security tools can’t see what happens inside the browser, but that’s where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer show more ...
Source: grahamcluley.com – Author: Graham Cluley Skip to content In episode 63 of The AI Fix, Unitree Robotics looks to Black Mirror episode “Metalhead” for tips on marketing its new robot dog, ChatGPT is secretly running Sweden, OpenAI introduces its first open weight model since GPT-2, and your private show more ...
Source: www.bitdefender.com – Author: Graham Cluley The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang’s servers, domains, and dark web extortion site, also saw the seizure of US $1,091,453 worth of cryptocurrency. The DOJ’s press release show more ...
Source: securityboulevard.com – Author: Alan Shimel At Black Hat, Robert Johnston and Vikram Ramesh of N-able talk about the growing security pressures on small and mid-sized businesses. They note that ransomware and credential-based attacks are climbing sharply in the mid-market. Attackers who once focused on show more ...
Source: securityboulevard.com – Author: Richi Jennings Zero day—zero clue: Old, bug-prone app relies on you to go look for update files. The post ANOTHER WinRAR 0-Day: Don’t Patch Now — Uninstall It! appeared first on Security Boulevard. Original Post URL: https://securityboulevard. show more ...
Source: securityboulevard.com – Author: Erik Hjelmvik PureRAT is a Remote Access Trojan, which can be used by an attacker to remotely control someone else’s PC. PureRAT provides the following features to an attacker: See the victims user interfaceInteract with the victim PC using mouse and keyboardView show more ...
Source: hackread.com – Author: Waqas. Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, impacting Windows, Office, Azure, and more, urging fast updates. Microsoft delivered patches for 107 vulnerabilities as per of its Patch Tuesday security updates. Of the show more ...
Source: hackread.com – Author: Deeba Ahmed. Connex Credit Union breach exposes data of 172000 members, legal probe launched, experts urge victims to monitor accounts for fraud and identity theft. A significant data breach at Connex Credit Union has affected the personal information of 172,000 members. The show more ...
Source: hackread.com – Author: Deeba Ahmed. A new report from Bitdefender reveals the Russian-linked hacking group Curly COMrades is targeting Eastern Europe with a new backdoor called MucorAgent. Learn how they’re using advanced tactics to steal data. A new hacking group with ties to Russia has been show more ...
Source: news.sophos.com – Author: Editor PRODUCTS & SERVICES Following multiple enhancements to Sophos Email – the only MDR-optimized email security solution – Sophos is introducing two new offerings to boost email security posture. Email remains one of the primary malware delivery methods. With over show more ...
Source: krebsonsecurity.com – Author: BrianKrebs Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to show more ...
Source: thehackernews.com – Author: . The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here’s the uncomfortable truth: Attackers are evolving just as fast. Every show more ...
Source: thehackernews.com – Author: . Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited show more ...
Source: www.techrepublic.com – Author: Aminu Abdullahi Older WinRAR versions let malicious archives override the user-specified path via crafted archives, enabling stealthy system compromise. Cybersecurity researchers have identified an actively exploited flaw in WinRAR that attackers are using to plant show more ...
Source: www.techrepublic.com – Author: Megan Crouse Published August 12, 2025 SonicWall identified under 40 security incidents and determined the access control problem was related to a vulnerability published last year. Image: Envato/iLixe48 Cybersecurity platform company SonicWall has identified the origins show more ...
Source: www.techrepublic.com – Author: TechRepublic Academy Published August 12, 2025 We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Lightweight, fingerprint-secured SSD with show more ...
Source: go.theregister.com – Author: Jos Creese Debate Not for the first time, Microsoft is in the spotlight for the UK government’s money it voraciously consumes – apparently £1.9 billion a year in software licensing, and roughly £9 billion over five years. Not surprisingly, there are plenty of show more ...
Source: go.theregister.com – Author: Gareth Halfacree The maintainers of the federated secure chat protocol Matrix are warning users of a pair of “high severity protocol vulnerabilities,” addressed in the latest version, saying patching them requires a breaking change in servers and clients. show more ...
Source: go.theregister.com – Author: Carly Page The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the Minnesota capital to declare a state of national emergency. The listing on Interlock’s dark web leak show more ...
Source: go.theregister.com – Author: Simon Sharwood Terraform Labs founder Do Kwon has pled guilty to committing fraud when promoting the so-called “stablecoin” Terra USD and now faces time in jail. Kwon was a pioneer of “stablecoins” – cryptocurrencies tied to the value of a fiat currency. In show more ...
Source: heimdalsecurity.com – Author: Danny Mitchell MSPs are being told they need dedicated attack surface management solutions when what they really need is better visibility from the tools they already have. The security industry keeps introducing new categories of tools that promise to solve visibility show more ...
Source: heimdalsecurity.com – Author: Danny Mitchell What I learned from listening to an engineer who spent six years burning money before discovering the truth about MSP sales. “I was afraid of sales. I was afraid of rejection. I was afraid of someone saying no to me. But that slippery slope led to complete show more ...
Source: www.infosecurity-magazine.com – Author: A severe remote code execution (RCE) vulnerability in Erlang’s Open Telecom Platform (OTP) Secure Shell daemon (sshd) is being actively exploited. According to a new analysis by Palo Alto’s Unit 42, CVE-2025-32433, rated 10.0 on the CVSS scale, allows show more ...
Source: www.infosecurity-magazine.com – Author: A surge in fraudulent “AI-powered” trading platforms has been observed exploiting deepfake technology and fabricated online content to deceive investors. According to a new investigation by Group-IB, scammers are deploying convincing fake videos, phony reviews show more ...
