Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands. Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in…
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow attackers to sidestep authentication entirely through brute-force methods. Tracked as CVE-2025-49201, the flaw stems from a weak authentication mechanism in…
Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware
Cybercriminals have developed a sophisticated phishing campaign targeting Colombian users through fake judicial notifications, deploying a complex multi-stage malware delivery system that culminates in AsyncRAT infection. The campaign demonstrates an alarming evolution in social engineering tactics, leveraging legitimate-looking governmental communications…
New Cyberattack Leverages NPM Ecosystem to Infect Developers While Installing Packages
Cybersecurity researchers have uncovered a sophisticated phishing campaign that weaponizes the NPM ecosystem through an unprecedented attack vector. Unlike traditional malicious package installations, this operation leverages the trusted unpkg.com CDN to deliver phishing scripts directly through browsers, targeting enterprise employees…
Securing AI agents with Amazon Bedrock AgentCore Identity
By using Amazon Bedrock AgentCore, developers can build agentic workloads using a comprehensive set of enterprise-grade services that help quickly and securely deploy and operate AI agents at scale using any framework and model, hosted on Amazon Bedrock or elsewhere.…
Preparing for the Next Wave of AI-Driven Threats
Cristian Rodriguez, Field CTO for the Americas at CrowdStrike, discusses how artificial intelligence and evolving threat dynamics are reshaping cybersecurity. Rodriguez brings a unique perspective—equal parts technical and creative—describing how CrowdStrike continues to innovate in an era defined by speed…
Beyond Alerts: Building Smarter, Context-Aware Threat Detection
Jeff Reed, chief product officer at Vectra AI, talks about the company’s latest advances in detection and response—and how AI is transforming the way enterprises defend against modern cyber threats. Reed, who joined Vectra after years leading cloud security and…
Microsoft Patch Tuesday October 2025, (Tue, Oct 14th)
I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft's cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in third-party software like open source libraries. This…
Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire
Officials in the US and UK have taken sweeping action against “one of the largest investment fraud operations in history,” confiscating a historic amount of funds in the process. This article has been indexed from Security Latest Read the original…
Support for Windows 10 Ends Today Leaving Users Vulnerable to Cyberattacks
Microsoft officially ended support for Windows 10, marking the close of a decade-long era for one of the most popular operating systems in history. This means that as of today, the company will no longer deliver free security updates, feature…
Microsoft October 2025 Patch Tuesday – 4 Zero-days and 173 Vulnerabilities Patched
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 173 vulnerabilities across its ecosystem, including four zero-day flaws, of which two are actively exploited in the wild. This monthly security bulletin underscores the relentless pace of threat…
Beyond Passwords and API Keys: Building Identity Infrastructure for the Autonomous Enterprise
Static API keys scattered across repositories create exponential security debt as AI scales. The solution? Credentials that live for minutes, not months. X.509 certificates and service mesh technology provide the foundation for machine identity that operates at AI speed while…
The Endpoint Has Moved to the Browser — Your Security Tools Haven’t
Your users aren’t downloading files to their desktops anymore. They’re not running local applications. They’re working in Google Docs, Salesforce, Slack, and dozens of other browser-based platforms. The endpoint—the place where work actually happens—has moved entirely into the browser. Your…
The Defensive Gap: Why Modern SOCs Are Losing Ground and How to Close It
Despite continued investments in SIEMs, threat intelligence platforms, and managed detection services, many Security Operations Centers (SOCs) remain in a defensive position. SOCs are reactive, overstretched, and underprepared. High-profile breaches continue to grab headlines, but they are only what is…
China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence
The China-based APT group Flax Typhoon used a function within ArcGIS’ legitimate geo-mapping software to create a webshell through which it established persistence for more than a year to execute malicious commands and steal credentials. The post China’s Flax Typhoon…
Fortinet Strengthens Global Collaboration through the World Economic Forum’s Cybercrime Atlas
Released ahead of the forum’s Annual Meeting on Cybersecurity 2025, the Cybercrime Atlas Impact Report 2025 highlights the tangible progress achieved through multi-sector collaboration in dismantling cybercriminal networks and building resilience at scale. Read more. This article has been…
ICE Uses Fake Tower Cells to Spy on Users
Federal contract to spy Earlier this year, the US Immigration and Customs Enforcement (ICE) paid $825,000 to a manufacturing company that makes vehicles installed with tech for law enforcement, which also included fake cellphone towers called “cell-site” simulators used to…
Microsoft raises the bar: A smarter way to measure AI for cybersecurity
ExCyTIn-Bench is Microsoft’s newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations. The post Microsoft raises the bar: A smarter way to measure AI for cybersecurity appeared first on Microsoft Security Blog. This article…
IT Security News Hourly Summary 2025-10-14 18h : 9 posts
9 posts were published in the last hour 16:2 : 4,000,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Slider Revolution WordPress Plugin 16:2 : HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device 16:2 : Legacy Windows Protocols…
How to use Gophish to fortify security awareness training
<p>Security teams constantly worry about phishing scams. Of all the social engineering attacks, phishing is the most significant and effective.</p> <p>Despite thorough guidance to help employees <a href=”https://www.techtarget.com/searchsecurity/feature/How-to-avoid-phishing-hooks-A-checklist-for-your-end-users”>avoid falling victim to phishing schemes</a> and technologies that help prevent many scams…
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on October 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-287-01 Rockwell Automation 1715 EtherNet/IP Comms Module CISA encourages users and administrators to review…
Rockwell Automation 1715 EtherNet/IP Comms Module
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1715 EtherNet/IP Vulnerabilities: Allocation of Resources Without Limits or Throttling, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an…
Danish Developer’s Website Sparks EU Debate on Online Privacy and Child Protection
In August, a 30-year-old developer from Aalborg, identified only as Joachim, built a platform called Fight Chat Control to oppose a proposed European Union regulation aimed at tackling the spread of child sexual abuse material (CSAM) online. The EU…
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored…