A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The…
Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims’ devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS. This article has been indexed from Securelist. Read the original article: Post-exploitation framework now…
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on malicious…
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting…
New York Judge Sanctions Lawyer Over AI-Generated Filings
Judge sanctions attorney after he submits AI-generated filing to explain previous AI-generated documents replete with errors. This article has been indexed from Silicon UK. Read the original article: New York Judge Sanctions Lawyer Over AI-Generated Filings
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate™ platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates. The flaws, present in on-premises installations configured to use unsecured communication channels, put organizations at…
Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation
Cybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025. In 80% of the cyber incidents Microsoft…
Microsoft’s Patch Tuesday: 172 Flaws Fixed
The tech titan is addressing 172 security flaws, including six zero-day vulnerabilities. Among these, eight are rated “Critical,” consisting of five remote code execution bugs and three elevation of privilege issues. The post Microsoft’s Patch Tuesday: 172 Flaws Fixed appeared…
PowerSchool hacker got four years in prison
Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3…
Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk
Over 269,000 F5 devices are reportedly exposed to the public internet daily, according to data from The Shadowserver Foundation. This exposure comes at a critical time following F5’s disclosure of a sophisticated nation-state attack that compromised its development environment, stealing…
North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency
In recent months, a sophisticated malware campaign—dubbed EtherHiding—has emerged from North Korea-aligned threat actors, sharply escalating the cybersecurity risks facing cryptocurrency exchanges and their users worldwide. The campaign surfaced in the wake of heightened regulatory crackdowns on illicit crypto transactions,…
VMware Workstation and Fusion 25H2 Released with New Features and Latest OS Support
VMware has launched Workstation 25H2 and Fusion 25H2, the newest iterations of its desktop hypervisors, featuring a revamped versioning system, enhanced tools, and broader compatibility with modern hardware and operating systems. These updates aim to streamline virtualization for developers, IT…
Is it possible to keep AI out of your personal life?
It is close to impossible to keep AI out of your personal life, and a recent report by Pew Research confirms that the majority of… The post Is it possible to keep AI out of your personal life? appeared first…
ABB Sees Surge In AI Data Centre Orders
ABB data orders related to AI data centres grow by double-digit percentage rate in third quarter, in latest sign of AI’s sway over economy. This article has been indexed from Silicon UK. Read the original article: ABB Sees Surge In…
Authors Sue Salesforce Over AI Training Methods
Authors file proposed class-action lawsuit over alleged use of pirated novels to train xGen AI models to process language. This article has been indexed from Silicon UK. Read the original article: Authors Sue Salesforce Over AI Training Methods
APT28 Deploys BeardShell and Covenant Modules via Weaponized Office Documents
Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanced malware frameworks including BeardShell and Covenant modules. The operation represents…
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and…
Prosper Data Breach Impacts 17.6 Million Accounts
Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information. The post Prosper Data Breach Impacts 17.6 Million Accounts appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original…
Auction house Sotheby’s disclosed a July data breach
Sotheby’s reported a July 24 breach exposing customer and financial data; it took two months to assess the stolen information and affected individuals. Sotheby’s reported a data breach that exposed customer information, including financial details. The company discovered the security…
F5 Released Security Updates Covering Multiple Products Following Recent Hack
F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products. Detected in August 2025, the incident exposed internal…
Under the engineering hood: Why Malwarebytes chose WordPress as its CMS
It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. Here’s what we considered when choosing it. This article has been indexed from Malwarebytes. Read the original article: Under the engineering…
Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices
An attacker can exploit the flaws to put devices into a permanent DoS condition that prevents remote restoration. The post Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read…
Levo.ai platform unifies AI security and compliance from development to runtime
Levo.ai has released its Unified AI Security Platform, designed to secure AI applications from development to runtime. The platform unifies five modules under a single control plane, enabling enterprises to deploy AI while meeting compliance and security mandates. AI has…
AISLE emerges from stealth with AI-native cyber reasoning system to tackle zero-day vulnerabilities
AISLE emerged from stealth, delivering the AI-native cyber reasoning system (CRS) that autonomously identifies, triages and remediates with verification both known and zero-day application vulnerabilities, which still account for the majority of security breaches. Malicious actors continue to exploit a…