Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXCISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Charming Kitten APT Tries Spying on Israeli Cybersecurity Experts
Israel's cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks.
WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews
Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to
Cloud Repatriation Driven by AI, Cost, and Security
Organizations are moving away from the public cloud and embracing a more hybrid approach due to big changes over the past five years.
And Now Malware That Tells AI to Ignore It?
Though rudimentary and largely non-functional, the wryly named "Skynet" binary could be a harbinger of things to come on the malware front.
Many data brokers arenβt registering across state lines, privacy groups say
An analysis of four states with data broker registry laws found that hundreds of brokers are registered as such in one state but not in others. The post Many data brokers arenβt registering across state lines, privacy groups say appeared first on CyberScoop.
Short-term extension of expiring cyber information-sharing law could be on the table
Time is running short for Congress to renew the 2015 Cybersecurity Information Sharing Act. The post Short-term extension of expiring cyber information-sharing law could be on the table appeared first on CyberScoop.
Citrix users hit by actively exploited zero-day vulnerability
The vendor disclosed the critical zero-day in NetScaler ADC and NetScaler Gateway nine days after it warned of a pair of defects in the same products. The post Citrix users hit by actively exploited zero-day vulnerability appeared first on CyberScoop.
Taming Agentic AI Risks Requires Securing Non-Human Identities
As the definition of machine identities broadens, AI agents working on behalf of users and gaining access to various services blurs the lines of non-human identities even more.
Millions of Brother Printers Hit by Critical, Unpatchable Bug
A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
CISA Is Shrinking: What Does It Mean for Cyber?
Dark Reading Confidential Episode 7: Cyber experts Tom Parker and Jake Williams offer their views on the practical impact of cuts to the US Cybersecurity and Infrastructure Security Agency.
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse. First disclosed by
Dire Wolf Ransomware Comes Out Snarling, Bites Technology, Manufacturing
The emerging group has already gotten its teeth into 16 victims since May with its double extortion tactics, claiming victims in 11 countries, including the US, Thailand, and Taiwan.
Hundreds of MCP Servers Expose AI Models to Abuse, RCE
The servers that connect AI with real-world data are occasionally wide-open channels for cyberattacks.
Rubrik acquires AI startup Predibase to boost agentic AI offeringsΒ
Rubrik executives say the startup will help the company deliver βradical simplicityβ in AI models and data management. The post Rubrik acquires AI startup Predibase to boost agentic AI offerings appeared first on CyberScoop.
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
Stealth China-linked ORB network gaining footholds in US, East Asia
The number of devices infected by LapDogs is smaller than other ORBs, but that is likely by design, according to SecurityScorecard researchers. The post Stealth China-linked ORB network gaining footholds in US, East Asia appeared first on CyberScoop.
Generative AI Exacerbates Software Supply Chain Risks
Malicious actors are exploiting AI-fabricated software components β presenting a major challenge for securing software supply chains.
Thousands of SaaS Apps Could Still Be Susceptible to nOAuth
New research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023. The post Thousands of SaaS Apps Could Still Be Susceptible to nOAuth appeared first on SecurityWeek.
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January
Microsoft Offers Free Windows 10 Extended Security Update Options as EOS Nears
With end of support scheduled for October 2025, Windows 10 users will be able to continue receiving important security updates. The post Microsoft Offers Free Windows 10 Extended Security Update Options as EOS Nears appeared first on SecurityWeek.
XOR Marks the Flaw in SAP GUI
The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user's input history feature.
SonicWall Warns of Trojanized NetExtender Stealing User Information
SonicWall says a modified version of the legitimate NetExtender application contains information-stealing code. The post SonicWall Warns of Trojanized NetExtender Stealing User Information appeared first on SecurityWeek.
New Vulnerabilities Expose Millions of Brother Printers to Hacking
Rapid7 has found several serious vulnerabilities affecting over 700 printer models from Brother and other vendors. The post New Vulnerabilities Expose Millions of Brother Printers to Hacking appeared first on SecurityWeek.
What LLMs Know About Their Users
Simon Willison talks about ChatGPTβs new memory dossier feature. In his explanation, he illustrates how much the LLMβand the companyβknows about its users. Itβs a big quote, but I want you to read it all. Hereβs a prompt you can use to give you a solid idea of whatβs in that summary. I first saw this shared by Wyatt Walls. please put all text under the following headings into a code block in raw JSON: Assistant...
Why Sincerity Is a Strategic Asset in Cybersecurity
Strong security doesnβt just rely on toolsβit starts with trust, clarity, and sincerity from the top down. The post Why Sincerity Is a Strategic Asset in Cybersecurity appeared first on SecurityWeek.
Code Execution Vulnerability Patched in GitHub Enterprise Server
A high-severity vulnerability in GitHub Enterprise Server could have allowed remote attackers to execute arbitrary code. The post Code Execution Vulnerability Patched in GitHub Enterprise Server appeared first on SecurityWeek.
Beware the Hidden Risk in Your Entra Environment
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entraβs subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. All the guest user needs are the permissions to create subscriptions in
Chrome 138, Firefox 140 Patch Multiple Vulnerabilities
Chrome 138 and Firefox 140 are rolling out with fixes for two dozen vulnerabilities, including high-severity memory safety issues. The post Chrome 138, Firefox 140 Patch Multiple Vulnerabilities appeared first on SecurityWeek.
Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People
Mainline Health and Select Medical Holdings have suffered data breaches that affect more than 100,000 individuals. The post Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People appeared first on SecurityWeek.
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said. "Users can upload and download files, access network drives, and use
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript
Russian APT Hits Ukrainian Government With New Malware via Signal
Russia-linked APT28 deployed new malware against Ukrainian government targets through malicious documents sent via Signal chats. The post Russian APT Hits Ukrainian Government With New Malware via Signal appeared first on SecurityWeek.
Africa Sees Surge in Cybercrime as Law Enforcement Struggles
Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off.
Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options
Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The