The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778,…
Tag: EN
Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox
Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of…
TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes
A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to…
DHS Asks OpenAI To Share Information on ChatGPT Prompts Used By Users
The Department of Homeland Security (DHS) has issued the first known federal search warrant compelling OpenAI to disclose user data tied to ChatGPT prompts. The warrant, unsealed last week in Maine and reviewed by cybersecurity outlets, stems from a year-long…
Airbnb Praises Alibaba’s Open-Source AI Model
Airbnb says it is ‘relying a lot’ on Alibaba’s Qwen model, which is ‘fast and cheap’, as open-source approach wins over corporate users This article has been indexed from Silicon UK Read the original article: Airbnb Praises Alibaba’s Open-Source AI…
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware
The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across South Asia. SideWinder orchestrated a carefully…
Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy
The attack on Jaguar Land Rover costs the UK economy $2.5B, marking its most damaging cyber incident, says CMC. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack also impacted…
“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. “Jingle Thief attackers use phishing and smishing…
Hugging Face and VirusTotal: Building Trust in AI Models
We’re happy to announce a collaboration with Hugging Face, an open platform that fosters collaboration and transparency in AI, to make security insights more accessible to the community. VirusTotal’s analysis results are now integrated directly into the Hugging Face platform,…
Hong Kong Stock Exchange Tops Global IPO Rankings
Hong Kong’s stock exchange tops world rankings for initial public offerings so far this year, building on DeepSeek-driven tech rally This article has been indexed from Silicon UK Read the original article: Hong Kong Stock Exchange Tops Global IPO Rankings
Master IT Fundamentals with This CompTIA Certification Prep Bundle
Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep. The post Master IT Fundamentals with This CompTIA Certification Prep Bundle appeared first on TechRepublic. This article has been…
Jaguar Land Rover Attack Costs UK Estimated £1.9bn
Attack that shut down Jaguar Land Rover production likely to be costliest UK cyber-incident to date, researchers say This article has been indexed from Silicon UK Read the original article: Jaguar Land Rover Attack Costs UK Estimated £1.9bn
The Human Cost of Defense: A CISO’s View From the War Room
Semperis’ Midnight in the War Room reveals the unseen struggles, burnout and heroism of CISOs and defenders who protect our digital world every day. The post The Human Cost of Defense: A CISO’s View From the War Room appeared first…
AuditBoard expands AI compliance with FairNow acquisition and Accelerate launch
AuditBoard has reached a definitive agreement to acquire FairNow. The addition of FairNow enhances AuditBoard’s capabilities with intelligent, automated, step-by-step AI compliance guidance. As AI governance requirements expand globally, AuditBoard customers are now uniquely positioned to maintain compliance and mitigate…
TP-Link urges updates, MuddyWater espionage campaign, flaw hits Adobe Commerce
TP-Link urges updates for Omada gateways MuddyWater targets organizations in espionage campaign “SessionReaper” flaw exploited in Adobe Commerce Huge thanks to our sponsor, ThreatLocker Cybercriminals don’t knock — they sneak in through the cracks other tools miss. That’s why organizations…
UK May Require Apple, Google App Store Changes
UK competition regulator confirms designation of Apple and Google mobile platforms as having strategic market status, in landmark move This article has been indexed from Silicon UK Read the original article: UK May Require Apple, Google App Store Changes
New Malware Toolkit from MuddyWater Delivers Phoenix Backdoor to Global Targets
Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign orchestrated by the Iran-linked Advanced Persistent Threat group MuddyWater, targeting international organizations worldwide to gather foreign intelligence. The campaign demonstrates the threat actor’s evolving tactics and enhanced operational maturity in exploiting…
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code…
BIND 9 Vulnerabilities Expose DNS Servers to Cache Poisoning and DoS
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially impacting millions of users worldwide.…
Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial Of Service Attacks
The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778,…