In this episode of Cybersecurity Today, host Jim Love discusses major updates on the recent cyber attack on Marks and Spencer, revealing new details and arrests. The breach involved sophisticated social engineering that infiltrated the company’s network through an IT…
Tag: EN
Was the data of 64 million McDonald’s applicants left protected only by a flimsy password?
Yes, it was. The personal information of approximately 64 million McDonald’s applicants was left unprotected due to login details consisting of a username and password… The post Was the data of 64 million McDonald’s applicants left protected only by a…
Eufy’s new smart display could seriously challenge Amazon and Google – here’s how
The Smart Display E10 tablet offers a variety of features, like intelligent facial recognition, and comes with a built-in battery for portability. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Eufy’s new…
French cops cuff Russian pro basketball player on ransomware charges
‘He’s useless with computers and can’t even install an application’ says lawyer A Russian professional basketball player is cooling his heels in a French detention center after being arrested and accused of acting as a negotiator for a ransomware gang.……
Laravel APP_KEY Flaw Exploited to Trigger Remote Code Execution on Hundreds of Apps
Security researchers have uncovered a critical vulnerability in Laravel applications where exposed APP_KEY credentials are being actively exploited to achieve remote code execution (RCE) on hundreds of production systems. This widespread security flaw stems from Laravel’s automatic deserialization of decrypted…
Windows 11 Users Encounter New Black Screen of Death Update
Microsoft has released Windows 11 Build 26100.4762 (KB5062660) to Insiders in the Release Preview Channel, introducing a redesigned restart interface that displays on a black background – a significant departure from traditional system recovery screens. This update brings substantial changes to user…
Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack
A critical security vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 websites worldwide and potentially exposing them to complete site takeover attacks. The vulnerability, assigned CVE-2025-6691 with a CVSS score of 8.8, allows unauthenticated attackers to…
Laravel APP_KEY Vulnerability Allows Remote Code Execution – Hundreds of Apps Affected
A critical vulnerability in Laravel applications exposes APP_KEY configuration values, enabling attackers to achieve remote code execution (RCE). Collaborative research between GitGuardian and Synacktiv revealed that approximately 260,000 APP_KEYs have been exposed on GitHub since 2018, with over 600 applications…
Token Security launches two features to secure AI agents and machine identities
Token Security announced two transformative innovations that redefine how enterprises discover, govern, and secure expanding universe of AI agents and machine identities. The company has launched an AI Discovery Engine for NHIs and introduced the Token AI Agent, a powerful…
Bitwarden MCP server equips AI systems with controlled access to credential workflows
Bitwarden launched a new Model Context Protocol (MCP) server, enabling secure integration between AI agents and credential workflows. This release positions Bitwarden at the forefront of empowering AI assistants to access, generate, retrieve, and manage credentials while preserving zero-knowledge, end-to-end…
Chinese censorship-busters claim Tencent is trying to kill its WeChat archive
Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved Anti-censorship organization GreatFire.org has accused Singapore infosec outfit Group-IB of helping Chinese web giant Tencent to quell its activities.… This article has been indexed from The Register…
HPU Website Defaced in Cyberattack, Investigation Underway
Shimla, June 10 — The official website of Himachal Pradesh University (HPU) experienced an unexpected breach earlier this week, when its homepage was briefly altered to display inappropriate and anti-national content. The incident prompted immediate action, with the university…
Where policy meets profit: Navigating the new frontier of defense tech startups
In this Help Net Security interview, Thijs Povel, Managing Partner at Ventures.eu, discusses how the firm evaluates emerging technologies through the lens of defense and resilience. He explains how founders from both defense and adjacent sectors are addressing policy shifts,…
Hypervisor Ransomware Threat Grows: MITRE ATT&CK v17 Puts C-Suite on Alert
The latest update to the MITRE ATT&CK framework—version 17—has brought hypervisor security into sharp focus, prompting a necessary shift in how organizations view the core of their virtualized infrastructure. For the first time, VMware ESXi hypervisors have received a…
Employees are quietly bringing AI to work and leaving security behind
While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine. The rise of unauthorized AI use Shadow AI has quietly infiltrated organizations across North America, creating blind spots that…
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild. The shortcoming…
PerfektBlue Bluetooth Attack Exposes Millions of Cars to Hacking Risks
A critical cybersecurity vulnerability, “PerfektBlue,” has come to light, revealing that millions of vehicles are susceptible to remote… The post PerfektBlue Bluetooth Attack Exposes Millions of Cars to Hacking Risks appeared first on Hackers Online Club. This article has been…
Financial firms are locking the front door but leaving the back open
Financial institutions are building stronger defenses against direct cyberattacks, but they may be overlooking a growing problem: their vendors. According to Black Kite’s new report, third-party risk has become one of the biggest cybersecurity threats facing the financial sector. Ransomware…
Palo Alto Networks GlobalProtect Vulnerability Enabling Root-Level Access
Palo Alto Networks has disclosed a significant security vulnerability in its Autonomous Digital Experience Manager software that could allow attackers to gain root-level access on macOS systems. The vulnerability, tracked as CVE-2025-0139, affects versions 5.6.0 through 5.6.6 of the software…
New infosec products of the week: July 11, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Barracuda Networks, Cynomi, Lepide, Tosibox, and Zenni Optical. Cynomi’s platform updates enable service providers to prioritize their security efforts Cynomi has launched new business impact…