NextGov reports: At DEF CON, Alexei Bulazel said AI-powered tools will give software developers “incredible abilities” to harden networks by adding multilayered checks to the code-scanning process and catching flaws that might otherwise slip through. In the next era of cybersecurity, the best defensive tool may be a line of AI-assisted code, according to President […]
“Hey, no fair!” reports Mashable: Windows users should think about reinforcing their antivirus software. And while Microsoft Defender should provide a line of defense against ransomware, a new report claims that hackers have found a way to get around the ransomware tool to infect PCs with ransomware. A GuidePoint Security report (via BleepingComputer) found that hackers are using Akira […]
The Register reports: SonicWall on Monday confirmed that it’s investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs. “SonicWall is actively investigating a recent increase in reported cyber incidents involving a number of Gen 7 firewalls running various firmware versions with […]
The Indian Express reports: A cybersecurity researcher has identified critical vulnerabilities in an app developed by sex toy manufacturer Lovense that not only exposed the private email addresses of users but also enabled threat actors to hijack a user’s account on the platform. The anonymous researcher published their findings about the two in-app security flaws […]
The Hacker News reports: A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49704 (CVSS score: 8.8), a code injection and remote code execution bug in Microsoft SharePoint Server that was […]
TechCrunch reports: Hackers are targeting a previously reported bug in the Signal clone app TeleMessage in an effort to steal users’ private data, according to security researchers and a U.S. government agency. TeleMessage, which earlier this year was revealed to be used by high-ranking officials in the Trump administration, already experienced at least one data breach in May. […]
Recorded Future reports: The federal cybersecurity watchdog ordered all civilian agencies to immediately patch a vulnerability impacting several NetScaler products used by organizations to manage network traffic. The Cybersecurity and Infrastructure Security Agency (CISA) added the bug — tracked as CVE-2025-5777 — to its catalog of known exploited vulnerabilities on Thursday afternoon but took the extraordinary step […]
Bleeping Computer reports: A critical NetScaler ADC and Gateway vulnerability dubbed “Citrix Bleed 2” (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. Citrix Bleed 2, named by cybersecurity researcher Kevin Beaumont due to its similarity to the original Citrix Bleed (CVE-2023-4966), is […]
NetSec reports: The Qilin ransomware group has been noticed exploiting two critical vulnerabilities present in FortiOS/FortiProxy equipment. Although the group seems to be focusing on countries with Spanish language, it is likely that attacks exploiting these vulnerabilities will spread to other countries. The Qilin ransomware-as-a-service (RaaS) operation appeared in August 2022, known first as Agenda. Although it is not […]
The Record reports: Ransomware gangs have been exploiting a vulnerability in remote device control software SimpleHelp during a recent string of attacks, according to federal cybersecurity officials. The Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that CVE-2024-57727 — a vulnerability affecting SimpleHelp’s widely-used remote access tools — was exploited to “compromise customers of […]
