Information security

Information security

The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise that could allow attackers to perform unintended actions. "Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise," according to a description of the flaw published in CVE.org. "The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected."

Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix. Cisco disclosed the bug, tracked as CVE-2025-20393, on Wednesday and said it affects both physical and virtual SEG and SEWM appliances in certain non-standard configurations where the Spam Quarantine feature is enabled and exposed to the internet.

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by the broader cybersecurity community under the names CL-STA-0049, Earth Alux, and REF7707. The China-aligned hacking group is assessed to be active since at least March 2023.

Most of us have some internet of things (IoT) devices at home, whether it's a phone, a tablet, or a collection of security cameras and sensors. When you learn that 120,000 home security cameras were hacked in South Korea for sexploitation footage, it makes you think twice about adding such devices to your home, which is your most sacred space for privacy.

The Cybersecurity and Infrastructure Security Agency said it will make 100 internship opportunities available to students participating in a government scholarship program that's been hampered by federal hiring freezes enacted by the Trump administration. The move announced Wednesday would allow undergraduate and graduate students to enter the cyber defense agency under the CyberCorps: Scholarship for Service Program, a longstanding workforce pipeline used to place top student talent into U.S. cybersecurity positions.

the entire backend used to manage its phone farm - so it provides an extraordinary glimpse at how the service is actually being used to manipulate social media at scale. Speaking to 404 on condition of anonymity, the hacker said they can "see the phones in use, which manager [computers controlling the phones] they had, which TikTok accounts they were assigned, proxies in use (and their passwords), and pending tasks. As well as the link to control devices for each manager."

Steve Schmidt, the chief security officer at Amazon, says his team has identified and blocked more than 1,800 attempts by North Korea to secure IT roles at the tech giant. He warns that this scheme is becoming more prevalent across the technology industry as the nation-state actor targets the lucrative salaries of generative artificial intelligence and machine learning jobs, and the troves of valuable data such workers have access to.

Illusory Systems, which trades as Nomad, allegedly misled users about the security of its cryptocurrency bridge, which was compromised in 2022 in an attack that led to $186 million worth of funds being stolen. The FTC alleged that Nomad pushed an update in June 2022 containing "inadequately tested code" that, in turn, introduced a "significant vulnerability" that was exploited around a month later.

But for the better part of 2025, cofounder and CEO Matthew Prince has been trying to change that. The company's core business is to improve the performance and enhance the security of websites and online applications, protecting against malicious actors and routing web traffic through its data centers to optimize performance. "Six billion people pass through our network every single month," Prince says. If Cloudflare is doing its job well, no one notices.

Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). Patches for the flaws were released by Fortinet last week for FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. "These vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages, if the FortiCloud SSO feature is enabled on affected devices," Arctic Wolf Labs said in a new bulletin.

"SoundCloud recently detected unauthorized activity in an ancillary service dashboard," opens a Monday post from the company. "Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response." Not long after SoundCloud and its hired help contained the incident, the site became the subject of multiple denial of service attacks.

The Old Internet is built on Internet Protocol version 4. This was first used on ARPANET in 1983. It's the IP version that launched the modern Internet. It's what we - or at least the general public - think of as an IP address. Under the covers it's a 32 bit long identifier, but it's always displayed as four decimal numbers separated by periods, e.g. "208.87.129.176".

The online casino industry has always been driven by innovation, but no technological shift has been as transformative as the rise of blockchain and cryptocurrency. What started as an experimental payment method has now evolved into a powerful engine reshaping how players interact with gambling platforms. Even established brands like Win Olympia are adopting blockchain-driven features to stay ahead of the curve. From faster payments to unparalleled transparency, blockchain is not just enhancing the online casino experience-it is redefining it entirely.

CVE-2025-61675 (CVSS score: 8.6) - Numerous authenticated SQL injection vulnerabilities impacting four unique endpoints (basestation, model, firmware, and custom extension) and 11 affected parameters that enable read and write access to the underlying SQL database CVE-2025-61678 (CVSS score: 8.6) - An authenticated arbitrary file upload vulnerability that allows an attacker to exploit the firmware upload endpoint to upload a PHP web shell after obtaining a valid PHPSESSID and run arbitrary commands to leak the contents of sensitive files (e.g., "/etc/passwd")

Hundreds of millions of computers worldwide are still running Windows 10, months after the one-time king of PC operating systems officially passed its end-of-support deadline. If you're responsible for one of those machines and you aren't ready to upgrade to Windows 11, you can sign up today for an Extended Security Updates (ESU) subscription -- consumers can get those updates free through October 2026, as I explain here: How to get free Windows 10 security patches on your PC - from now to October 2026.

A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into malware via silent updates. In total, about 4.3 million users installed these once-legitimate add-ons, which suddenly went rogue with spyware and backdoor capabilities. This tactic was essentially a browser extension supply-chain attack. The ShadyPanda operators even earned featured and verified badges in the official Chrome Web Store and Microsoft Edge Add-ons site for some extensions, reinforcing user confidence. Because extension updates happen automatically in the background, the attackers were able to push out malicious code without users noticing a thing.

Jaguar Land Rover (JLR) has reportedly told staff the cyber-raid that crippled its operations in August didn't just bring production to a screeching halt - it also walked off with the personal payroll data of thousands of employees. The breach, which was pegged as one of the most costly in UK history, includes bank account details, tax codes, and other sensitive data related to staff salaries, benefits, and former employees. In an email to both current employees and former employees, seen by The Telegraph, JLR wrote: "While investigating, we have unfortunately identified that there has been unauthorised access to some personal data we process in the context of employment and some information needed to administer payroll, benefits and staff schemes to employees and dependents. This includes data of ex-JLR team members that has been stored."

Details of the six-year-old flaw were publicly shared by Cisco Talos in April 2019, describing it as an exploitable remote code execution vulnerability in the ACEManager "upload.cgi" function of Sierra Wireless AirLink ES450 firmware version 4.9.3. Talos reported the flaw to the Canadian company in December 2018. "This vulnerability exists in the file upload capability of templates within the AirLink 450," the company said. "When uploading template files, you can specify the name of the file that you are uploading."

Two people allegedly linked to China's infamous Salt Typhoon espionage hacking group seem to have previously received training through Cisco's prominent, long-running networking academy. Meanwhile, warnings are increasingly emerging from United States lawmakers in Congress that safeguards on expanded US wiretap powers have been failing, allowing US intelligence agencies to access more of Americans' data without adequate constraints. If you've been having trouble keeping track of all of the news and data coming out about infamous sex offender Jeffrey Epstein,

A security vulnerability in the Notepad++ update mechanism has been exploited to spread malicious code. What began as a report within the Notepad++ community at the end of October was later confirmed to be a structural weakness in the updater. Analysis by BleepingComputer shows that attackers were able to execute malware via this mechanism. Notepad++ has since released a fix in version 8.8.9.

A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online. Researchers from 0patch, the micropatching site, uncovered the denial-of-service (DoS) bug while investigating CVE-2025-59230, a Windows RasMan privilege escalation vulnerability that Redmond fixed in October, but not before attackers found and exploited the vulnerability.

Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing it via 'mshta.exe,'" Morphisec researcher Yonatan Edri said in a report shared with The Hacker News.