#public-network-vulnerabilities
#public-network-vulnerabilities

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

fromYahoo Tech

Privacy technologies

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

fromNextgov.com

Remote teams

OPM seeks cybersecurity talent to join Tech Force

7 hours ago

Information security

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

4 hours ago

Nightclub Giant RCI Hospitality Reports Data Breach

RCI Hospitality Holdings reported a cybersecurity incident exposing sensitive personal information of independent contractors due to an IDOR vulnerability.

23 hours ago

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

Silicon Valley

fromWIRED

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

fromNextgov.com

Remote teams

OPM seeks cybersecurity talent to join Tech Force

7 hours ago

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA added six security flaws to its KEV catalog due to evidence of active exploitation.

4 hours ago

Nightclub Giant RCI Hospitality Reports Data Breach

RCI Hospitality Holdings reported a cybersecurity incident exposing sensitive personal information of independent contractors due to an IDOR vulnerability.

23 hours ago

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

Dangerous Apps In the Web of Data Brokers

Smartphone apps collect detailed location data, often shared with data brokers, posing security risks to users, including soldiers and government officials.

fromArs Technica

17 hours ago

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.

Privacy professionals

2 hours ago

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real time, enhancing its operational value significantly.

Roam Research

#data-breach

EU data protection

fromTNW | Data-Security

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

20 hours ago

Booking.com confirms hackers accessed customers' data | TechCrunch

Hackers accessed Booking.com customers' personal data, including names, emails, and booking details, prompting notifications to affected users.

fromSecuritymagazine

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

fromwww.theguardian.com

Booking.com warns customers of hack that exposed their data

Booking.com experienced a data breach, allowing unauthorized access to customer booking information, but financial data remained secure.

22 hours ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

HackerOne hit by data breach via third-party partner

HackerOne confirmed a data breach at Navia, affecting 287 employees' personal data, including sensitive information like Social Security numbers.

EU data protection

fromTNW | Data-Security

Basic-Fit hit by hack affecting members across multiple countries, including 200,000 in the Netherlands

Basic-Fit experienced a data breach affecting 200,000 members, exposing personal and bank details but not passwords or identity documents.

20 hours ago

Booking.com confirms hackers accessed customers' data | TechCrunch

Hackers accessed Booking.com customers' personal data, including names, emails, and booking details, prompting notifications to affected users.

fromSecuritymagazine

Booking.com Customer Data Hacked, Exposed

Booking.com experienced a data breach, exposing customer booking information but not financial data.

fromwww.theguardian.com

Booking.com warns customers of hack that exposed their data

Booking.com experienced a data breach, allowing unauthorized access to customer booking information, but financial data remained secure.

22 hours ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

HackerOne hit by data breach via third-party partner

HackerOne confirmed a data breach at Navia, affecting 287 employees' personal data, including sensitive information like Social Security numbers.

Cloudflare introduces new features for building and deploying agents

Cloudflare is transforming AI development with Dynamic Workers, Sandboxes, and Artifacts for secure, scalable, and efficient code execution.

#ai

fromFast Company

Artificial intelligence

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

fromwww.npr.org

US news

How AI is getting better at finding security holes

fromIntelligencer

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

17 hours ago

Information security

Runtime security becomes critical as AI accelerates threats

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

fromFast Company

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

Claude Mythos AI model may enhance cybersecurity defenses but also poses risks for hackers due to its ability to identify vulnerabilities and create exploits.

fromwww.npr.org

US news

How AI is getting better at finding security holes

fromIntelligencer

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

17 hours ago

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.

Law

fromIndependent

Computer engineer claims he was penalised for flagging Israeli links of firm given 'bananas' server access at top Irish cybersecurity company

A cyber-security firm reprimanded an engineer for discriminatory comments regarding an Israeli company's access to its servers amid concerns about Palestinian genocide.

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

Apple

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

fromPrivacy International

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

more#apple-intelligence

EU data protection

fromComputerWeekly.com

14 hours ago

UK reliance on US big tech companies is 'national security risk', claims report | Computer Weekly

The UK is at risk due to over-reliance on US tech companies for critical infrastructure, impacting national security.

US news

Dangerous data

US police misuse warrantless access to personal data, leading to wrongful arrests and life-altering consequences for innocent individuals.

23 hours ago

BrowserGate: Claims of LinkedIn 'Spying' Clash With Security Research Findings

LinkedIn allegedly scans users' computers to collect data on browser extensions, raising concerns about corporate espionage.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

4 hours ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

3 hours ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

fromFinbold

1 hour ago

Kraken insider extortion reveals remote work security blind spot

"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.

Information security

DevOps

fromInfoQ

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

fromInfoWorld

3 weeks ago

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

6 hours ago

OpenAI replaces certificates following Axios incident

OpenAI renewed its macOS certificates as a precaution after a third-party tool vulnerability, though no user data was compromised.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

more#openai

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

SAP Patches Critical ABAP Vulnerability

SAP released 20 new and updated security notes addressing critical vulnerabilities, including a severe SQL injection flaw with a CVSS score of 9.9.

fromInfoQ

13 hours ago

New Rowhammer Attacks on NVIDIA GPUs Enable Full System Takeover

New Rowhammer attacks target NVIDIA GPUs, escalating from memory corruption to full system compromise, highlighting significant hardware security risks.

16 hours ago

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

fromLondon Business News | Londonlovesbusiness.com

3 hours ago

How to build digital trust in an era of automated scams - London Business News | Londonlovesbusiness.com

Automated scams are increasingly sophisticated, requiring businesses to enhance digital trust through visible actions and layered verification strategies.

7 hours ago

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

2 days ago

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

2 days ago

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

Two different attackers poisoned popular open source tools

Two major supply chain attacks in March compromised open source tools, stealing data from numerous organizations.

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

fromElectronic Frontier Foundation

Yikes, Encryption's Y2K Moment is Coming Years Early

Google has moved its quantum preparedness deadline for cryptography to 2029 due to advancements in technology.

Juniper Networks Patches Dozens of Junos OS Vulnerabilities

Juniper Networks released patches for multiple vulnerabilities, including severe flaws that could lead to privilege escalation and remote device takeover.

fromNextgov.com

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

Evasive Masjesu DDoS Botnet Targets IoT Devices

Masjesu is a botnet targeting IoT devices for DDoS attacks, active since 2023 and primarily advertised on Telegram.

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including high-severity bugs that could allow unauthorized access and code execution.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

fromTechRepublic

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.

Data Leakage Vulnerability Patched in OpenSSL

Seven vulnerabilities in OpenSSL have been patched, including a moderate severity flaw that can lead to sensitive data leakage.

Is 46% of your AI-generated code vulnerable?

46% of AI-generated code contains security vulnerabilities, necessitating integrated governance throughout the software delivery lifecycle.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Chaos malware targets misconfigured cloud deployments, expanding its reach beyond routers and edge devices.

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

fromTechRepublic

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

fromSecuritymagazine

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

fromComputerWeekly.com

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

fromComputerWeekly.com

1 month ago

Vulnerability reports: Increase in quantity, decrease in quality? | Computer Weekly

Bug bounty programs face sustainability challenges due to increased low-quality submissions, prompting cURL founder Daniel Stenberg to shut down his HackerOne program and switch to GitHub for vulnerability reporting.

1 month ago

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP released security updates for two critical vulnerabilities enabling arbitrary code execution: CVE-2019-17571 in Quotation Management Insurance and CVE-2026-27685 in NetWeaver Enterprise Portal Administration.

2 months ago

Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms

Vulnerabilities discovered by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations. The security holes were discovered by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba's Exos central management software, a hardware access manager, and registration units that enable entry via a keypad, fingerprint reader, or chip card.

Information security

2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.