PowerDNS has issued an urgent security advisory for its DNSdist software, warning users of a critical vulnerability that could let attackers trigger denial-of-service (DoS) conditions by exploiting flawed DNS-over-HTTPS (DoH) exchanges. The flaw, tracked as CVE-2025-30194 (CVSS score: 7.5), affects DNSdist versions 1.9.0…
Category: EN
AirBorne flaws can lead to fully hijack Apple devices
Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can…
Cloud Security Challenges in Hybrid Environments: Navigating the Complexities of the Cloud
As businesses continue to embrace digital transformation, hybrid cloud environments—comprising a combination of on-premises infrastructure and public/private cloud resources—have become increasingly popular. The flexibility, scalability, and cost-efficiency offered by the cloud are undeniable, but they also introduce a unique set…
WhatsApp Unveils New AI Features While Ensuring Full Message Secrecy
WhatsApp, the world’s most popular messaging platform, has announced a major expansion of artificial intelligence (AI) capabilities, promising to enhance user experience while reinforcing its longstanding commitment to privacy and message secrecy. Meta, WhatsApp’s parent company, has integrated its generative…
Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code – PoC Released
Security researcher Nafiez has publicly disclosed a previously unknown vulnerability affecting Windows LNK files (shortcuts) that can potentially allow attackers to execute code remotely without user interaction. Despite releasing a working proof-of-concept (PoC), Microsoft has declined to patch the flaw,…
Product showcase: Ledger Flex secure crypto wallet
The Ledger Flex is a hardware wallet designed for the secure storage of cryptocurrencies and NFTs. It combines security features with a user-friendly interface, making it suitable for both beginners and more experienced users. Ledger Flex stores your private keys…
Trellix DLP Endpoint Complete prevents data leaks in Windows and macOS
Trellix announced advancements to Trellix DLP Endpoint Complete, available globally in Q2 2025. New offerings and features incorporate intelligent capabilities to enhance Trellix’s data loss prevention (DLP) solutions, enabling customers to protect sensitive information in non-text file formats, strengthen compliance…
Cybersecurity Incidents: Musk’s Staffers, Canadian Power Utility Attack, and Massive Password Leak
In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. Two members of Elon Musk’s ‘Department of Government Efficiency’ reportedly gained access to classified US nuclear networks, though accounts were never activated. Nova Scotia Power…
DragonForce Ransomware behind Mark and Spencer digital outage
Almost a week ago, renowned UK-based retailer Marks & Spencer (M&S) became the victim of a devastating cyber attack that left the company in full-blown disruption mode. The retailer, known for its wide range of quality clothing, food, and household…
Wormable AirPlay Zero-Click RCE Flaw Allows Remote Device Hijack via Wi-Fi
A major set of vulnerabilities-collectively named “AirBorne”-in Apple’s AirPlay protocol and SDK have been unveiled, enabling an array of severe attack vectors. Most critically, these flaws allow zero-click “wormable” Remote Code Execution (RCE), meaning attackers can take over Apple and third-party…
Mobile security is a frontline risk. Are you ready?
The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. For enterprises, mobile is no longer a secondary risk. It’s now one of the primary attack surfaces. CVE…
Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations
A high court in the Indian state of Karnataka has ordered the blocking of end-to-end encrypted email provider Proton Mail across the country. The High Court of Karnataka, on April 29, said the ruling was in response to a legal…
Chrome 136 Fixes 20-Year-Old Privacy Bug in Latest Update
Google has begun rolling out Chrome 136 to the stable channel for Windows, Mac, and Linux, bringing significant security and privacy upgrades to millions of users worldwide. The update, set to be distributed over the coming days and weeks, addresses…
Villain: Open-source framework for managing and enhancing reverse shells
Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, Villain enhances these shells with added functionality, offering commands and utilities, and allowing for shell sessions sharing across…
GitAuto Strengthens Code Security By Automating QA At Scale
In the current software landscape, security breaches caused by untested or poorly tested code are both common and costly. While automated testing is often cited as a best practice, it remains inconsistently applied due to the manual overhead required. GitAuto,…
Securing the invisible: Supply chain security trends
Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a CI/CD pipeline, a rogue dependency hidden in open-source code, or tampered hardware components, these attacks bypass traditional defenses…
Navigating Through The Fog
Key Takeaways An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, exploitation, lateral movement, and persistence… This article has been indexed from…
How Do You Know If You’re Ready for a Red Team Partnership?
Before engaging in a full-scope exercise, it’s important to assess whether your program, people and processes are truly ready. The post How Do You Know If You’re Ready for a Red Team Partnership? appeared first on SecurityWeek. This article has…
Choosing the Best Secrets Vault—Are You Free?
Are Your Cloud Security Decisions Truly Yours? Amid the dialing twists and turns of cybersecurity, have you ever wondered whether the freedom to make decisions about your Non-Human Identities (NHIs) and Secrets Security Management is still in your grasp? Are…
Gaining Independence with NHI Lifecycle Management
Can Non-Human Identities Truly Empower Independent Security Systems? Non-Human Identities (NHIs) are becoming an unavoidable part of our cyber defenses. Managing their lifecycle has become an integral aspect of creating independent security systems. By embracing NHI lifecycle management, professionals can…