Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Vulnerabilities

Siemens ProductCERT has recently issued a series of security advisories alerting users to several critical vulnerabilities found across various Siemens industrial and automation products. One of the most notable vulnerabilities in this update, tracked as CVE-2024-33698, affects the Siemens User Management Component (UMC). This flaw is a heap-based buffer overflow with a high severity rating of 9.8 according to the CVSS v3.1 scoring system. Exploiting this vulnerability could allow unauthenticated remote attackers to execute arbitrary code, potentially leading to full system takeover. The impact spans multiple Siemens solutions, including Opcenter Quality (versions below V2406), Opcenter RDnL (below V2410), SIMATIC PCS neo, SINEC NMS, SINEMA Remote Connect Client (before V3.2 SP3), and the TIA Portal.

In response to this critical threat, Siemens has released software updates for the affected products. Furthermore, the Siemens security advisory from ProductCERT recommends that users filter network traffic on TCP ports 4002 and 4004, restricting access exclusively to trusted machines. In scenarios where Remote Terminal (RT) servers are not in use, blocking port 4004 entirely is advised. Additional operational security measures are outlined in Siemens’ Industrial Security guidelines, which users are encouraged to follow to further mitigate risk.

Alongside CVE-2024-33698, Siemens ProductCERT has also identified other notable vulnerabilities, including authentication bypasses in SIMATIC S7-1500 CPUs (CVE-2024-46887), critical information disclosure flaws in TeleControl Server Basic (CVE-2025-40765), multiple issues in RUGGEDCOM ROS devices, and XML External Entity (XXE) injection vulnerabilities (CVE-2025-40584) in SIMOTION and SINAMICS products.

Additional Siemens Vulnerabilities and Broad Security Concerns

Beyond these immediate threats, Siemens ProductCERT advisories detail several other security weaknesses. These include a DLL hijacking vulnerability (CVE-2025-30033) impacting products such as SIMATIC WinCC Unified and SINEC NMS, SQL injection risks (CVE-2025-40755), and embedded browser flaws like the Google Chrome type confusion vulnerability (CVE-2025-6554).

Other issues involve firmware integrity flaws in SiPass integrated devices (CVE-2022-31807), authentication vulnerabilities in SIMATIC ET 200SP processors, and multiple risks in RUGGEDCOM ROS devices, some enabling remote code execution or denial-of-service attacks. Siemens continues to release patches and recommends strict network access controls and disabling unnecessary services to reduce attack surfaces.

Network Security and Operational Guidelines

Across all advisories, Siemens stresses the fundamental importance of securing network access to industrial control systems (ICS). Filtering communication to trusted IP addresses, disabling unused network services, and following Siemens’ Operational Guidelines for Industrial Security are core recommendations to prevent exploitation.

Siemens ProductCERT encourages organizations to maintain timely software updates, implement recommended mitigations, and consult product manuals for specific security configurations. The company also recognizes the contributions of external researchers in identifying these vulnerabilities, reinforcing a collaborative approach to cybersecurity.


 Cyber News

Airlines are a popular target for hackers in part because of the amount of personal data they collect – and no personal data is more coveted by cybercriminals than passports and government IDs. Passport and ID leaks pose a “severe, long-term identity theft risk,” according to personal data removal and privacy company Incogni. “Unlike credit cards, travel documents are difficult to replace and can be exploited for years in synthetic identity fraud, fake travel documents, and impersonation scams.”

For that reason alone, this week’s leak of customer data from Qantas Airways by the Scattered LAPSUS$ Hunters threat group could have been worse. The leaked data included names, email addresses and Frequent Flyer details, and a small amount of more personal data like addresses, dates of birth and phone numbers, but “no credit card details, personal financial information or passport details were impacted,” according to Qantas.

While Qantas avoided the most damaging kind of leak, there’s still risk for consumers, Incogni notes. “Even when payment or passport data isn’t exposed, personal identifiers like names, dates of birth, and loyalty program details can be enough to drive large-scale fraud,” Darius Belejevas, Head of Incogni, told The Cyber Express. “Attackers often combine these records with information from other breaches to build detailed identity profiles.”

The incident also highlights the growing risk of third-party vendors, as the incident was linked to Salesforce social engineering and third-party breaches. “The Qantas case shows how one compromised supplier can ripple across industries, exposing millions of customer records in a single incident,” Belejevas added.

Airline Data Breaches Growing

According to Cyble’s threat intelligence database, there have been more than 20 airline data breaches claimed by threat actors on the dark web thus far in 2025, up roughly 50 percent from the same period of 2024. Part of that increase is due to a focus on the sector by Scattered Spider and the larger Scattered LAPSUS$ Hunters alliance, but other threat groups seem to be targeting the airline sector too.

The most recent incident occurred this week, when the CL0P ransomware group claimed to possess data from American Airlines regional carrier Envoy Air. Envoy Air confirmed the incident in a statement to The Cyber Express – but said no customer data was involved. “We are aware of the incident involving Envoy’s Oracle E-Business Suite application,” Envoy Air told The Cyber Express. “Upon learning of the matter, we immediately began an investigation and law enforcement was contacted. We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected. A limited amount of business information and commercial contact details may have been compromised.”

WestJet, which suffered a data breach in June of this year, wasn’t as lucky, as the breach exposed some passenger travel documents like passports and other government-issued identification information. WestJet responded by offering affected customers 24 months of complimentary identity theft protection and monitoring services, but Incogni warns that compromised identity documents “can fuel fraud for much longer” than two years.

Protecting Against Airline Data Breaches

Incogni recommends that people impacted by airline data breaches - and travelers in general - take proactive steps to protect themselves, including:

- Enrolling in identity theft monitoring if offered.
- Reporting suspicious calls and phishing attempts to national anti-fraud hotlines such as the Canadian Anti-Fraud Centre or the FTC in the U.S.
- Using strong, unique passwords and multi-factor authentication on all online accounts.
- Removing personal information from data broker and people-search sites to cut off “one of the easiest shortcuts for scammers.”

“Individuals and organizations need to better protect, and whenever possible by any means necessary not share, sensitive data in an era where it is now being used not just being stolen by cybercriminals and nation-states but also by legitimate organizations that are using it for their own purposes to manipulate specific outcomes,” Ron Zayas, CEO of Incogni, said in a statement.


 Cyber News

Seven suspects are now in custody after a cross-border crackdown dismantled a cybercrime service that powered more than 3,000 online scams across Europe, authorities said. Investigators seized servers, domains, and cryptocurrency wallets worth tens of thousands of euros, cutting off infrastructure that enabled fraud on a massive scale.

The operation, codenamed "SIMCARTEL" and conducted by authorities from Austria, Estonia, and Latvia, uncovered a criminal network that provided essential technical infrastructure enabling cybercriminals to conduct large-scale fraud operations. The operation's scale demonstrates the industrial nature of modern cybercrime, where specialized service providers supply the technical capabilities that lower-level criminals lack.

Five suspects of Latvian nationality were arrested during coordinated raids in Latvia, with two additional suspects apprehended as the investigation expanded. Law enforcement seized infrastructure that had been instrumental in enabling crimes across multiple European nations, representing a significant disruption to the cybercrime ecosystem.

The Cybercriminal Infrastructure

The seized 1,200 SIM box devices and 40,000 active SIM cards formed the backbone of the operation's capability to facilitate fraud at scale. SIM boxes are specialized devices that allow criminals to route calls and messages through multiple phone numbers simultaneously, disguising their true locations and identities. This technology enables various fraud schemes including bank fraud, authentication bypass, and social engineering attacks that rely on appearing to call from legitimate phone numbers.

"Their online service provided telephone numbers from over 80 countries for criminal activities," Eurojust said. "The entire infrastructure allowed fraudsters to set up fake accounts on social media and other communication platforms to perpetrate the scams. They set up close to 50 million fake accounts for this purpose."

Quantifying the Impact

Investigators successfully attributed more than 1,700 individual cyber fraud cases in Austria and 1,500 cases in Latvia to this criminal network, illustrating the extensive reach of the operation. The financial impact has been devastating, with victims losing several million euros across affected countries. In Austria alone, financial losses attributed to the network amount to approximately €4.5 million. Latvia documented additional losses of €420,000, though investigators believe the true financial impact extends significantly beyond these confirmed figures as investigations continue across multiple jurisdictions.

The attribution of specific fraud cases to this network required extensive forensic analysis and international cooperation. Each fraud case represents not just financial loss but also the compromise of personal information, erosion of trust in digital communications, and psychological harm to victims who fell prey to sophisticated social engineering schemes enabled by the network's infrastructure.

The CaaS Business Model

This operation exemplifies the cybercrime-as-a-service business model that has transformed the threat landscape. Rather than conducting fraud directly, the arrested suspects allegedly provided essential infrastructure that enabled other criminals to conduct operations. This specialization and division of labor mirrors legitimate business structures, creating efficiency and scale that individual criminals could never achieve.

SIM box infrastructure solves a critical problem for cybercriminals: how to conduct fraud operations that require appearing to call or message from legitimate local phone numbers. Banking fraud schemes often require criminals to bypass two-factor authentication by intercepting SMS messages or calling victims while spoofing bank phone numbers. Romance scams and investment fraud require sustained communication from phone numbers that appear geographically proximate to victims. SIM boxes enable all these capabilities at scale.

The CaaS model also provides criminal entrepreneurs with steady revenue streams. Rather than the unpredictable income from conducting fraud directly, infrastructure providers charge subscription fees or per-use charges to their criminal clients. This creates more stable and predictable criminal enterprises that can invest in improving their technical capabilities and evading law enforcement detection.

This takedown follows similar high-profile operations against platforms like Genesis Market, which sold stolen credentials, and LabHost, a hosting service for criminal websites. Europol stressed that focusing on the backbone of cybercrime rather than only individual actors provides a more sustainable impact.

Also read: Operation Cookie Monster: FBI Seizes Cybercrime Marketplace Genesis Market

Officials cautioned that while arrests and seizures disrupt operations, cybercriminals continuously seek new infrastructure. They encouraged private sector partners to report suspicious activity and strengthen monitoring to prevent similar services from resurfacing.


 Vulnerabilities

Google has issued an urgent security update for its Chrome browser, addressing a high-severity vulnerability tracked as CVE-2025-11756. This flaw, which affects Chrome's Safe Browsing feature, could allow attackers to execute arbitrary code on users’ machines, posing a direct threat to user privacy and system security.

Details of the CVE-2025-11756 Vulnerability

The vulnerability is a use-after-free flaw, an issue that arises when an application continues to use memory after it has been released. This type of memory corruption can lead to unpredictable behavior, including the potential for attackers to inject and execute malicious code.

In the case of CVE-2025-11756, the issue was found within Chrome’s Safe Browsing component. Safe Browsing is designed to shield users from malicious websites and harmful downloads. Because this feature operates with elevated privileges, any flaw within it is particularly critical.

According to Google's internal security classification, this vulnerability was rated High severity. If successfully exploited, it could allow cybercriminals to gain unauthorized access to a user’s system, potentially enabling them to install malware, exfiltrate data, or compromise user accounts.

Discovery and Bug Bounty Reward

The vulnerability was discovered and responsibly disclosed by a security researcher known by the handle "asnine" on September 25, 2025. For their efforts, the researcher received a $7,000 reward through Google’s bug bounty program, which incentivizes independent security researchers to report security flaws.

Google publicly acknowledged the contribution, stating, “We would also like to thank all security researchers who worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

Security Update Rollout

In response to the vulnerability, Google released a security patch via Chrome version 141.0.7390.107/.108 for Windows and Mac, and version 141.0.7390.107 for Linux. The update began rolling out on October 14, 2025, and will continue to reach users globally over the following days and weeks.

The official release statement from Google’s Chrome team read: “The Stable channel has been updated to 141.0.7390.107/.108 for Windows and Mac and 141.0.7390.107 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.”

To minimize risk, Google is restricting access to technical details of the vulnerability until a majority of users have installed the update. This strategy is aligned with their standard disclosure policy and aims to prevent active exploitation by malicious actors during the patch window. Additionally, if the issue exists in shared third-party libraries used by other projects, disclosure may remain limited until those projects also deploy fixes.

Security Tools and Detection Measures

To detect and mitigate vulnerabilities like CVE-2025-11756, Google relies heavily on advanced security tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL. These tools help identify potential flaws during the development and testing phases.

The fact that the vulnerability affects the Safe Browsing feature adds another layer of concern, as this component is central to Chrome’s protection mechanisms. Users are strongly advised to update their browsers immediately to ensure they are not left vulnerable.

While there are currently no public reports of this vulnerability being exploited in the wild, delays in updating can leave systems open to attack, especially once details about the flaw become more widely known.


 Firewall Daily

A new vulnerability in Adobe Experience Manager (AEM) Forms has been confirmed as actively exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2025-54253, affects Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE) and was first patched in August 2025.

Misconfiguration Leads to Remote Code Execution

CVE-2025-54253 stems from a misconfiguration in AEM Forms that leaves the Apache Struts framework in “devMode” within the admin interface. This setting, combined with an authentication bypass, allows unauthenticated attackers to execute expressions that Struts evaluates, opening the door to remote code execution (RCE).

The vulnerability can be exploited through low-complexity attacks, requires no user interaction, and impacts AEM Forms versions 6.5.23.0 and earlier. Security researchers identified that the root cause is a failure to properly secure developer mode configurations, which should not be exposed in production environments.

Public Exploits Accelerate the CVE-2025-54253 Threat

Prior to Adobe’s patch release, proof-of-concept (PoC) exploits for both CVE-2025-54253 and a related issue, CVE-2025-54254, were publicly shared. These PoCs likely accelerated exploitation attempts by threat actors. Despite both vulnerabilities being publicly known, only CVE-2025-54253 has so far been added to the KEV catalog.

CISA has not clarified whether attackers are leveraging the public PoC directly or if they have developed their own methods of exploitation. The agency typically does not disclose technical details or attribution when updating the KEV catalog.

Adobe Patch Released in August 2025

Adobe addressed both vulnerabilities on August 5, 2025 through Security Bulletin APSB25-82. The company urged all users of AEM Forms on JEE to upgrade to version 6.5.0-0108 or later. At the time of the advisory, Adobe stated it was not aware of any active exploitation, though that situation has now changed with CISA's confirmation.

The second vulnerability, CVE-2025-54254, involves an Improper Restriction of XML External Entity Reference (CWE-611), which could allow arbitrary files on the file system to be read. While critical, it has not yet been confirmed as actively exploited.

Federal Agencies Ordered to Patch by November

CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary updates by November 5, 2025. This directive is part of a broader effort to secure federal networks from known high-risk threats.

The affected vulnerabilities have received critical CVSS base scores:

- CVE-2025-54253 (Incorrect Authorization): CVSS 10.0, enabling arbitrary code execution
- CVE-2025-54254 (XXE Vulnerability): CVSS 8.6, enabling arbitrary file reads

Both vulnerabilities were reported to Adobe by Shubham Shah and Adam Kues of Assetnote, who worked with the vendor to coordinate disclosure and remediation.

While the AEM platform is a key component in digital experience delivery for many enterprises, misconfigurations like this one can introduce risks, particularly when they expose development features in production environments. The combination of Java Enterprise Edition (JEE) complexity and web-accessible admin interfaces increases the attack surface for products like AEM.

System administrators running Adobe Experience Manager Forms on JEE are strongly urged to verify that their systems are not running affected versions and to apply the latest security updates immediately. If immediate patching is not feasible, isolating AEM Forms from internet access, especially when deployed as a standalone service, can serve as a temporary mitigation.


 Business

If your corporate website’s search engine rankings suddenly drop for no obvious reason, or if clients start complaining that their security software is blocking access or flagging your site as a source of unwanted content, you might be hosting a hidden block of links. These links typically point to shady websites, such as pornography or online casinos. While these links are invisible to regular users, search engines and security solutions scan and factor them in when judging your website’s authority and safety. Today, we explain how these hidden links harm your business, how attackers manage to inject them into legitimate websites, and how to protect your website from this unpleasantness.

Why hidden links are a threat to your business

First and foremost, hidden links to dubious sites can severely damage your site’s reputation and lower its ranking, which will immediately impact your position in search results. This is because search engines regularly scan websites’ HTML code, and are quick to discover any lines of code that attackers may have added. Using hidden blocks is often viewed by search algorithms as a manipulative practice: a hallmark of black hat SEO (also known simply as black SEO). As a result, search engines lower the ranking of any site found hosting such links.

Another reason for a drop in search rankings is that hidden links typically point to websites with a low domain rating, and content irrelevant to your business. Domain rating is a measure of a domain’s authority — reflecting its prestige and the quality of information published on it. If your site links to authoritative industry-specific pages, it tends to rise in search results. If it links to irrelevant, shady websites, it sinks. Furthermore, search engines view hidden blocks as a sign of artificial link building, which, again, penalizes the victim site’s placement in search results.

The most significant technical issue is the manipulation of link equity. Your website has a certain reputation or authority, which influences the ranking of pages you link to. For example, when you post a helpful article on your site, and link to your product page or contacts section, you’re essentially transferring authority from that valuable content to those internal pages. The presence of unauthorized external links siphons off this link equity to external sites. Normally, every internal link helps search engines understand which pages on your site are most important — boosting their position. However, when a significant portion of this equity leaks to dubious external domains, your key pages receive less authority. This ultimately causes them to rank lower than they should — directly impacting your organic traffic and SEO performance.

In the worst cases, the presence of these links can even lead to conflicts with law enforcement, and entail legal liability for distributing illegal content. Depending on local laws, linking to websites with illegal content could result in fines or even the complete blocking of your site by regulatory bodies.

How to check your site for hidden links

The simplest way to check your website for blocks of hidden links is to view its source code. To do this, open the site in a browser and press Ctrl+U (in Windows and Linux) or Cmd+Option+U (in macOS). A new tab will open with the page’s source code. In the source code, look for the following CSS properties that can indicate hidden elements:

- display:none
- visibility:hidden
- opacity:0
- height:0
- width:0
- position:absolute

These CSS properties make blocks on the page invisible — either entirely hidden or reduced to zero size. Theoretically, these properties can be used for legitimate purposes — such as responsive design, hidden menus, or pop-up windows. However, if they’re applied to links or entire blocks of link code, it could be a strong sign of malicious tampering. Additionally, you can search the code for keywords related to the content that hidden links most often point to, such as “porn”, “sex”, “casino”, “card”, and the like.

For a deep dive into the specific methods attackers use to hide their link blocks on legitimate sites, check out our separate, more technical Securelist post.
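The manual check above (view source, look for the listed CSS properties and keywords) can be automated for a whole site. The following scanner is an added example written for this page, not Kaspersky's tooling: it walks a page's HTML with Python's standard-library parser, tracks which open elements are hidden by an inline style or by a class defined in a `<style>` block, and reports every `<a>` that is hidden by its own or an ancestor's CSS or whose target or anchor text contains one of the post's keywords. The sample page, the `.example` hostnames and the class names in it are constructed for the demonstration; the regexes are deliberately simple and cover inline styles and single-class `<style>` rules only, not external stylesheets or JavaScript-applied styling.

```python
import re
from html.parser import HTMLParser

# CSS declarations the post lists as indicators of hidden blocks.
# The lookbehinds keep "line-height: 0" and "max-width: 0" from matching.
HIDING_PATTERNS = [
    (re.compile(r"display\s*:\s*none"), "display:none"),
    (re.compile(r"visibility\s*:\s*hidden"), "visibility:hidden"),
    (re.compile(r"opacity\s*:\s*0(?![.\d])"), "opacity:0"),
    (re.compile(r"(?<![\w-])height\s*:\s*0(?:px)?(?![.\d])"), "height:0"),
    (re.compile(r"(?<![\w-])width\s*:\s*0(?:px)?(?![.\d])"), "width:0"),
    (re.compile(r"position\s*:\s*absolute"), "position:absolute"),
]
# Keywords the post suggests searching for in link targets and anchor text.
SUSPICIOUS_WORDS = ("porn", "sex", "casino", "card")
# Void elements never get a closing tag, so they must not go on the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}
CLASS_RULE = re.compile(r"\.([\w-]+)\s*\{([^}]*)\}")


def hiding_reasons(css):
    """Return the names of hiding declarations found in a CSS snippet."""
    css = css.lower()
    return [name for pattern, name in HIDING_PATTERNS if pattern.search(css)]


class HiddenLinkScanner(HTMLParser):
    """Collects <a> elements hidden by their own or an ancestor's CSS."""

    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, hiding reasons) for every open element
        self.class_rules = {}  # class name -> declarations seen in <style>
        self.style_text = []
        self.in_style = False
        self.current_link = None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style":
            self.in_style = True
        if tag in VOID_TAGS:
            return
        reasons = hiding_reasons(attrs.get("style") or "")
        for cls in (attrs.get("class") or "").split():
            reasons += hiding_reasons(self.class_rules.get(cls, ""))
        self.stack.append((tag, reasons))
        if tag == "a":
            # Hiding is inherited: a link inside a display:none div is hidden too.
            inherited = {r for _, rs in self.stack for r in rs}
            self.current_link = {"href": attrs.get("href") or "",
                                 "reasons": sorted(inherited), "text": []}

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
            for cls, decls in CLASS_RULE.findall("".join(self.style_text)):
                self.class_rules[cls] = self.class_rules.get(cls, "") + decls
            self.style_text = []
        if tag == "a" and self.current_link is not None:
            link = self.current_link
            text = "".join(link["text"]).strip()
            haystack = (link["href"] + " " + text).lower()
            keywords = [w for w in SUSPICIOUS_WORDS if w in haystack]
            if link["reasons"] or keywords:
                self.findings.append({"href": link["href"], "text": text,
                                      "reasons": link["reasons"],
                                      "keywords": keywords})
            self.current_link = None
        # Pop back to the matching open tag; tolerate unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self.in_style:
            self.style_text.append(data)
        elif self.current_link is not None:
            self.current_link["text"].append(data)


def scan_html(html):
    """Return a list of suspicious links found in a page's HTML source."""
    scanner = HiddenLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one legitimate nav, one hidden spam block via an
# inline style, one via a class rule, and one link hidden with opacity:0.
SAMPLE_PAGE = """<html><head><style>
  .nav { position: relative; }
  .footer-extra { display:none; font-size: 1px; }
</style></head>
<body>
<nav class="nav"><a href="/about">About us</a></nav>
<div style="visibility:hidden"><a href="http://casino.example/">best casino bonuses</a></div>
<div class="footer-extra">
  <a href="http://pills.example/">cheap pills</a><br>
  <a href="http://loans.example/">payday loans</a>
</div>
<p><a href="/contact">Contact</a></p>
<a href="http://chat.example/" style="opacity:0;">sex chat</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        print(finding)
```

Run it against saved copies of your own pages (for example the output of `curl` for each URL in your sitemap) and review every hit by hand: as the post notes, `position:absolute` and zero sizes have legitimate uses, so a finding is a lead, not a verdict, while a `display:none` block full of off-topic external links is the pattern to act on.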
How do attackers inject their links into legitimate sites?

To add an invisible block of links to a website, attackers first need the ability to edit your pages. They can achieve this in several ways.

Compromising administrator credentials

The dark web is home to a whole criminal ecosystem dedicated to buying and selling compromised credentials. Initial-access brokers will provide anyone with credentials tied to virtually any company. Attackers obtain these credentials through phishing attacks or stealer Trojans, or simply by scouring publicly available data breaches from other websites in the hope that employees reuse the same login and password across multiple platforms. Additionally, administrators might use overly simple passwords, or fail to change the default CMS credentials. In these cases, attackers can easily brute-force the login details. Gaining access to an account with administrator privileges gives criminals broad control over the website. Specifically, they can edit the HTML code, or install their own malicious plugins.

Exploiting CMS vulnerabilities

We frequently discuss various vulnerabilities in CMS platforms and plugins on our blog. Attackers can leverage these security flaws to edit template files (such as header.php, footer.php, or index.php), or directly insert blocks of hidden links into arbitrary pages across the site.

Compromising the hosting provider

In some cases, it’s the hosting company that gets compromised rather than the website itself. If the server hosting your website code is poorly protected, attackers can breach it and gain control over the site. Another common scenario concerns a server that hosts sites for many different clients. If access privileges are configured incorrectly, compromising one client can give criminals the ability to reach other websites hosted on that same server.

Malicious code blocks in free templates

Not all webmasters write their own code. Budget-conscious and unwary web designers might try to find free templates online and simply customize them to fit the corporate style. The code in these templates can also contain covert blocks inserted by malicious actors.

How do you protect your site from hidden links?

To secure your website against the injection of hidden links and its associated consequences, we recommend taking the following steps:

- Avoid using questionable third-party templates, themes, or any other unverified solutions to build your website.
- Promptly update both your CMS engine and all associated themes and plugins to their latest versions.
- Routinely audit your plugins and themes, and immediately delete the ones you don’t use.
- Regularly create backups of both your website and database. This ensures you can quickly restore your website’s operation in the event of compromise.
- Check for unnecessary user accounts and excessive access privileges. Promptly delete outdated or unused accounts, and establish only the minimum necessary privileges for active ones.
- Establish a strong password policy and mandatory two-factor authentication for all accounts with admin privileges.
- Conduct regular training for employees on basic cybersecurity principles. The Kaspersky Automated Security Awareness Platform can help you automate this process.


 A Little Sunshine

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different Zendesk customers, such as CapCom, CompTIA, Discord, GMAC, NordVPN, The Washington Post, and Tinder.

The abusive missives sent via Zendesk’s platform can include any subject line chosen by the abusers. In my case, the messages variously warned about a supposed law enforcement investigation involving KrebsOnSecurity.com, or else contained personal insults.

Moreover, the automated messages that are sent out from this type of abuse all come from customer domain names — not from Zendesk. In the example below, replying to any of the junk customer support responses from The Washington Post’s Zendesk installation shows the reply-to address is help@washpost.com.

One of dozens of messages sent to me this week by The Washington Post.

Notified about the mass abuse of their platform, Zendesk said the emails were ticket creation notifications from customer accounts that configured their Zendesk instance to allow anyone to submit support requests — including anonymous users.

“These types of support tickets can be part of a customer’s workflow, where a prior verification is not required to allow them to engage and make use of the Support capabilities,” said Carolyn Camoens, communications director at Zendesk. “Although we recommend our customers to permit only verified users to submit tickets, some Zendesk customers prefer to use an anonymous environment to allow for tickets to be created due to various business reasons.”

Camoens said requests that can be submitted in an anonymous manner can also make use of an email address of the submitter’s choice. “However, this method can also be used for spam requests to be created on behalf of third party email addresses,” Camoens said. “If an account has enabled the auto-responder trigger based on ticket creation, then this allows for the ticket notification email to be sent from our customer’s accounts to these third parties. The notification will also include the Subject added by the creator of these tickets.”

Zendesk claims it uses rate limits to prevent a high volume of requests from being created at once, but those limits did not stop Zendesk customers from flooding my inbox with thousands of messages in just a few hours.

“We recognize that our systems were leveraged against you in a distributed, many-against-one manner,” Camoens said. “We are actively investigating additional preventive measures. We are also advising customers experiencing this type of activity to follow our general security best practices and configure an authenticated ticket creation workflow.”

In all of the cases above, the messaging abuse would not have been possible if Zendesk customers validated support request email addresses prior to sending responses. Failing to do so may make it easier for Zendesk clients to handle customer support requests, but it also allows ne’er-do-wells to sully the sender’s brand in service of disruptive and malicious email floods.


 Feed

The shared responsibility model of data security, familiar from cloud deployments, is key to agentic services, but cybersecurity teams and corporate users often struggle with awareness and managing that risk.

 Feed

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware," the Microsoft Threat Intelligence team said in a post shared on X. The tech

 Feed

Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including

 Feed

The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn't some dystopian fantasy—it's Tuesday at the office now. We've entered a new phase where autonomous AI agents act with serious system privileges. They

 Feed

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming
