Topic: cybersecurity vulnerabilities

  • Microsoft patches exploited Office zero-day, Fortinet fixes SSO flaw

    Microsoft and Fortinet issued emergency patches for critical, actively exploited vulnerabilities (CVE-2026-21509 in Office and CVE-2026-24858 in FortiCloud), highlighting the persistent threat of unpatched software. Attackers are using sophisticated methods, like disguising malware in Windows scr...

  • US Cargo Firm Exposes Shipping Systems and Customer Data Online

    Security experts warn that cyberattacks on logistics firms are enabling large-scale cargo theft, creating a dangerous alliance between hackers and organized crime that threatens global supply chains. A researcher discovered severe vulnerabilities in Bluspark Global's shipping software, including ...

  • Riot Games Uncovers Motherboard Flaw Exploited by PC Cheaters

    A critical security vulnerability in modern motherboards, exposed by Riot Games, allowed cheaters to bypass anti-cheat systems by exploiting Direct Memory Access hardware during system startup. Major hardware manufacturers have issued critical BIOS updates to fix the flaw, which Riot's Vanguard a...

  • US agencies urged to patch Cisco firewalls amid active attacks

    U.S. federal agencies must immediately patch vulnerable Cisco firewalls due to active exploitation of security flaws in Cisco ASA software by sophisticated threat actors. CISA's emergency directive highlights that many federal systems remain unpatched, risking critical infrastructure and sensitiv...

  • CISA Alerts: 2 New Dassault Flaws Under Active Attack

    CISA warns that two new security flaws in Dassault Systèmes' DELMIA Apriso platform are being actively exploited, posing risks to manufacturing operations management. The vulnerabilities include CVE-2025-6205, allowing unauthenticated remote access, and CVE-2025-6204, enabling code injection, wit...

  • Cisco ASA Zero-Day & Fortra GoAnywhere Under Active Attack

    A wave of sophisticated cyberattacks is exploiting newly discovered zero-day vulnerabilities in critical enterprise infrastructure, including Cisco's ASA and Fortra's GoAnywhere, posing significant risks to organizational networks and sensitive data. Law firms are increasingly targeted by cybercr...

  • Your Critical Infrastructure Is at Risk - Act Now

    Outdated and unsupported technology in critical national infrastructure creates predictable vulnerabilities that are regularly exploited, undermining national resilience and public safety. The healthcare sector is the most exposed due to its reliance on obsolete systems, with high risks also in w...

  • The Hidden Flaw in Your Password Manager

    A study reveals critical flaws in the "zero knowledge" encryption of major cloud-based password managers like Bitwarden and LastPass, potentially allowing attackers to access or modify vaults, especially when features like password recovery are enabled. The US State Department has revived "freedo...

  • CISA Mandates Federal Agencies Replace Outdated Edge Devices

    CISA is requiring federal agencies to urgently replace end-of-life network hardware such as routers and firewalls, because these unsupported devices are a critical vulnerability to cyberattacks. Agencies must follow strict deadlines, including creating an inventory within three months and fully replacing all...

  • OpenAI Seeks New Head of Preparedness to Lead Safety Efforts

    OpenAI is recruiting a Head of Preparedness to lead proactive identification and mitigation of catastrophic AI risks, from cybersecurity threats to long-term dangers, as part of its formal Preparedness Framework. CEO Sam Altman highlighted specific concerns driving this focus, including AI models...

  • Millions of PornHub Users' Data Stolen in Extortion Hack

    U.S. border agencies are expanding surveillance by deploying small drones operationally and enhancing cybersecurity to monitor employees, amid investigations into leaks. Major data breaches include the theft of over 200 million user records from PornHub by hackers and the rise of AI tools like Ha...

  • Pennsylvania AG Confirms Data Breach in INC Ransom Attack

    The Pennsylvania Attorney General's office experienced a ransomware attack in August 2025, leading to a data breach where cybercriminals stole sensitive personal and medical information, but officials refused to pay the ransom. The attack exploited vulnerabilities in public-facing Citrix NetScale...

  • Ex-Developer Jailed for Revenge "Kill Switch" After Firing

    A former software engineer was sentenced to four years in prison for embedding a destructive "kill switch" in his employer's network, which activated upon his termination and locked out thousands of users globally. The malicious code, including scripts named "Hakai" and "IsDLEnabledinAD," caused ...

  • Dating App Leak Exposes 13,000 Women's Private Images

    A major dating app breach exposed 72,000 private verification photos, including 13,000 sensitive selfies and ID documents, raising concerns about digital privacy protections. The app, which marketed itself as a safer platform for women, retained archived verification photos due to legal requireme...

  • DOGE May Have Exposed Millions of SSNs on Insecure Server

    A Senate report reveals that personnel from Elon Musk's DOGE team are operating a cloud server containing millions of Americans' sensitive personal data, including Social Security numbers, without adequate protective measures. The exposed database includes actual production data such as birth det...

  • Inside Moltbook: The Social Network Run by AI Agents

    Moltbook is an AI-exclusive social network where bots generate all content, but its reality is less autonomous than advertised, with much activity likely driven by human direction. The platform highlights immediate security risks, such as exposed private data due to basic vulnerabilities, rather ...

  • UK NCSC Warns of Rising Prompt Injection Attack Threats

    The UK's National Cyber Security Centre warns that prompt injection attacks on large language models (LLMs) may be fundamentally unsolvable, as LLMs inherently do not distinguish between data and instructions. Instead of seeking a perfect fix, organizations must focus on risk reduction by impleme...

  • Nike Hit by 1.4TB Data Breach, Ransomware Group Claims

    Nike is investigating a major cybersecurity incident after the World Leaks ransomware group claimed to have published roughly 1.4 terabytes of internal company data, including sensitive business documents. The leaked files contain core operational information like product designs, supply chain de...

  • UK Drops Apple Encryption Demand After US Pressure

    The UK has reversed its policy requiring Apple to provide access to encrypted user data, following diplomatic pressure from the US, marking a win for digital privacy advocates. US officials, including the director of national intelligence, argued that the UK's demand would undermine encryption st...

  • Senators Probe Waymo, Tesla on Robotaxi Safety and China Ties

    Executives from Waymo and Tesla advocated for federal self-driving car legislation, but a Senate hearing revealed deep divisions over safety, liability, and competition from China, stalling consensus. Lawmakers sharply questioned the companies' safety records, citing specific incidents with Waymo...
