Topic: software vulnerabilities
-
Cybercrime Broker Admits Selling Access to 50 Corporate Networks
A Jordanian man, Feras Khalil Ahmad Albashiti, pleaded guilty to fraud for selling illegal access to the networks of dozens of major corporations via cybercrime forums, including to an undercover FBI agent. His criminal activities involved exploiting critical software vulnerabilities to sell netw...
Read More » -
Trend Micro Apex Central RCE PoC Released (CVE-2025-69258)
Trend Micro has issued a critical security update for its Apex Central on-premise platform, addressing multiple vulnerabilities, including a severe one (CVE-2025-69258) that allows unauthenticated attackers to execute code with SYSTEM privileges. The vulnerabilities, discovered by Tenable, involv...
Read More » -
Michigan Man's "Catch a Cheater" App Backfires, Proving It Illegal
A Michigan developer pleaded guilty to federal charges for creating pcTattletale, software marketed for legal oversight but widely used for illegal spying on adults without consent, violating wiretapping laws. The software secretly recorded device activity like keystrokes and messages, and compan...
Read More » -
2025's Most Devastating Cyberattacks Exposed
The cyber threat landscape has shifted towards sophisticated supply chain attacks, where breaches of third-party vendors like Gainsight and Salesloft led to widespread data exposure at major corporations including Cloudflare, Verizon, and Cisco. The Clop ransomware group exploited a critical vuln...
Read More » -
Secure SDLC: A Manufacturer's Critical Defense
The Jaguar Land Rover cyberattack was a catastrophic manufacturing breach that halted production, caused billions in economic damage, and forced UK government intervention, highlighting severe supply chain vulnerabilities. Cybercriminals increasingly exploit software supply chains, using tactics ...
Read More » -
React, Node.js Flaws Fixed, Ransomware Exposes Spy Threat
A critical vulnerability in React Server Components and high-severity Android flaws were patched, urging immediate updates due to potential exploitation. Law enforcement disrupted a major cryptocurrency laundering service, while a ransomware attack exposed a hidden, long-term espionage operation ...
Read More » -
Noisy Ransomware Uncovered a Long-Term Espionage Operation
A ransomware group's disruptive attack on two Russian companies inadvertently exposed a long-running, sophisticated cyber espionage operation, highlighting how a visible breach can mask a more insidious threat. The espionage group, QuietCrabs, used a stealthy multi-stage attack with unique malwar...
Read More » -
How Supply Chain Sprawl Is Reshaping Security
Businesses face significant cybersecurity risks due to supply chain sprawl, with vendor-related threats being a primary concern, especially for large enterprises and sensitive sectors. A lack of visibility into vendor security practices and outdated risk assessments leave organizations vulnerable...
Read More » -
Microsoft Fixes Windows 10 Update With New Patch
Microsoft released a patch to fix a bug preventing Windows 10 devices from enrolling in the Extended Security Updates (ESU) program, ensuring uninterrupted security coverage for eligible systems. The glitch disrupted the manual enrollment process, leaving affected computers unable to receive vita...
Read More » -
Ransomware Groups Pivot as Victims Stop Paying
Ransomware payment rates have plummeted to just 23% in Q3 2025, significantly undermining the financial model of cybercriminals and marking a victory for cybersecurity efforts. Attackers are increasingly relying on social engineering tactics like insider threats, helpdesk impersonation, and callb...
Read More » -
Ransomware Profits Plummet as Victims Refuse to Pay
Ransomware payment rates have hit a record low of 23%, driven by improved corporate defenses and pressure from authorities not to pay cybercriminals. Attackers are increasingly using "double extortion" tactics, with data theft involved in over 76% of incidents, though payment rates for such attac...
Read More » -
Crypto at Risk: The Dangers of Outdated Encryption
The cryptocurrency industry faces critical security vulnerabilities, with no tested applications supporting post-quantum encryption and millions of user records already circulating on dark web markets, creating a "Harvest Now, Decrypt Later" risk. Despite overall concerns, exchanges like Coinbase...
Read More » -
F5 Hack Puts Thousands of Networks at Imminent Risk
A sophisticated nation-state hacking group breached F5's network, exposing proprietary source code and undisclosed vulnerability data, endangering thousands of government and corporate networks that rely on BIG-IP appliances. The attackers maintained persistent access for years, gaining control o...
Read More » -
Tenable Achieves PROTECTED IRAP & Hits Record Patch Tuesday
Tenable Cloud Security has achieved PROTECTED level certification under Australia's IRAP, validating its robust security controls for government cloud deployments and enabling informed risk-based decisions. The platform addresses multi-cloud security challenges by integrating security throughout ...
Read More » -
C-Suite's AI Obsession Fuels Critical Security Gaps
Modern organizations face significant security vulnerabilities due to a disconnect between rapid technological adoption and inadequate security practices, with 34% experiencing AI-related breaches. Many companies rely on outdated, reactive metrics like incident frequency, which only assess damage...
Read More » -
A Dangerous Worm Is Infecting Software Packages
A self-replicating worm named Shai-Hulud has infected hundreds of open-source JavaScript packages on NPM, actively seeking credentials to spread further and escalating software supply chain risks. Major U.S. tech firms like IBM and Microsoft have supplied surveillance technology to China, support...
Read More » -
Irregular Raises $80M to Fortify Frontier AI Security
Irregular has raised $80 million in a funding round, valuing the company at $450 million, reflecting strong investor confidence in AI security solutions. The company, formerly Pattern Labs, uses its SOLVE framework and simulated environments to test AI models for vulnerabilities and emergent risk...
Read More » -
Don't Wait on NVD: Get Real-Time Vulnerability Alerts Instantly
Vulnerability management is essential for cybersecurity, but many organizations struggle to keep up with emerging threats due to the high volume of software components and actively exploited vulnerabilities. SecAlerts offers a modern solution by providing real-time, customized vulnerability alert...
Read More » -
Apple's Bold Move to End iPhone's Biggest Security Flaws
Apple's new iPhone lineup introduces Memory Integrity Enforcement, a hardware and software feature designed to protect against memory-safety vulnerabilities often exploited by attackers. Memory-safety issues, frequently caused by programming errors in languages like C and C++, have long been a pr...
Read More » -
September 2025 Patch Tuesday: What to Expect from the CVE Matrix
CVE identifiers provide a universal system for cataloging and assessing software vulnerabilities, enabling organizations to prioritize and apply security patches effectively. Vulnerability scanners and Software Bills of Materials (SBOMs) help identify and manage security risks by linking system c...
Read More » -
DARPA Announces $4M AI Cyber Challenge Winners in Security Showdown
Team Atlanta won DARPA's AI Cyber Challenge (AIxCC) with a $4 million prize, developing AI solutions for critical infrastructure protection with experts from Georgia Tech and Samsung Research. Trail of Bits and Theori secured second and third place, contributing open-source cyber reasoning system...
Read More »