The Microsoft Security Store is the gateway for customers to easily discover, buy, and deploy trusted security solutions and AI agents from leading partners. The post The new Microsoft Security Store unites partners and innovation appeared first on Microsoft Security Blog.…
SimonMed Imaging reports data breach affecting over 1.2 million patients
U.S.-based medical imaging provider SimonMed Imaging has disclosed a cybersecurity incident that compromised the personal data of more than 1.2 million patients earlier this year. The company, which operates nearly 170 diagnostic centers across 11 states, specializes in radiology…
Amazon Resolves Cloud Outage That Roiled Internet
Issue with DNS resolution caused cascading problems for multiple online services, with glitches continuing for most of Monday This article has been indexed from Silicon UK Read the original article: Amazon Resolves Cloud Outage That Roiled Internet
The Unkillable Threat: How Attackers Turned Blockchain Into Bulletproof Malware Infrastructure
The blockchain was supposed to revolutionize trust. Instead, it’s revolutionizing cybercrime. Every foundational principle that makes blockchain technology secure—decentralization, immutability, global accessibility—has been systematically inverted by sophisticated threat actors into the most resilient malware delivery system ever created. Welcome to…
Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data
A sophisticated vulnerability in Microsoft 365 Copilot (M365 Copilot) that allows attackers to steal sensitive tenant data, including recent emails, through indirect prompt injection attacks. The flaw, detailed in a blog post published today by researcher Adam Logue, exploits the…
Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users
A severe vulnerability in the popular better-auth library’s API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue affects better-auth, a TypeScript authentication framework downloaded around 300,000 times weekly on npm. This…
Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code
Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affects versions prior to 3.0.14 and 4.0.2, where administrators can upload malicious Groovy…
CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptCore engine could allow attackers to execute arbitrary code simply by processing…
Gravwell Closes $15.4M Funding Round to Expand Data Analytics and Security Platform
The Series A round was led by Two Bear Capital and included participation from Gula Tech Adventures, Next Frontier Capital, and others. The post Gravwell Closes $15.4M Funding Round to Expand Data Analytics and Security Platform appeared first on SecurityWeek. This…
The Rise of Passkeys
What Are Passkeys? You know how annoying it is to remember all those different passwords for every single website? And how terrifying it is when you hear about a company getting hacked, and suddenly, your password for that site might…
Rockwell Automation 1783-NATR
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerabilities: Missing Authentication for Critical Function, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Cross-Site Request Forgery (CSRF) 2. RISK…
Rockwell Automation Compact GuardLogix 5370
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Compact GuardLogix 5370 Vulnerability: Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service. 3. TECHNICAL DETAILS 3.1…
Oxford Nanopore Technologies MinKNOW
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Oxford Nanopore Technologies Equipment: MinKNOW Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation…
Siemens RUGGEDCOM ROS Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Siemens SIMATIC S7-1200 CPU V1/V2 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
NDSS 2025 – Workshop On Security And Privacy Of Next-Generation Networks (FutureG) 2025, Session 3 Session 3: Novel Threats In Decentralized NextG And Securing Open RAN
PAPERS Feedback-Guided API Fuzzing of 5G Network Tianchang Yang (Pennsylvania State University), Sathiyajith K S (Pennsylvania State University), Ashwin Senthil Arumugam (Pennsylvania State University), Syed Rafiul Hussain (Pennsylvania State University) Trust or Bust: A Survey of Threats in Decentralized Wireless…
October Patch Tuesday Fails Hard — Windows Update Considered Harmful?
Satya fiddles while Redmond burns? Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions. The post October Patch Tuesday Fails Hard — Windows Update Considered Harmful? appeared first on Security Boulevard. This article has been indexed from…
IT Security News Hourly Summary 2025-10-21 18h : 13 posts
13 posts were published in the last hour 16:4 : PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign 16:4 : Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams 15:34 : Restructuring risk…
Google introduces agentic threat intelligence for faster, conversational threat analysis
Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation. A new way to interact with threat data…
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal…
Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams
Meta on Tuesday said it’s launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it’s introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact…
Restructuring risk operations: building a business-aligned cyber strategy
Why organizations need a new strategy to break down silos and usher in a new era of risk intelligence Partner Content As cyber risk continues to escalate, many organizations face a disconnect between cybersecurity investments and actual risk reduction. Despite…
SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility
NetRise appointed the former CISA Senior Advisor and Strategist as a Strategic Advisor. The post SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Pixnapping Malware Exploits Android’s Rendering Pipeline to Steal Sensitive Data from Google and Samsung Devices
Cybersecurity researchers have revealed a new Android malware attack called Pixnapping, capable of stealing sensitive information from Google and Samsung smartphones without any user interaction. The name “Pixnapping” blends “pixel” and “snapping,” referring to how the malware stealthily extracts…