Information security

Information security
from InfoQ
13 hours ago

AWS Introduces EC2 Instance Attestation

EC2 instance attestation lets customers cryptographically verify EC2 instances run approved Attestable AMIs, enforcing zero operator access and restricting KMS decryption to approved instances.
Information security
from WIRED
3 hours ago

Hackers Dox ICE, DHS, DOJ, and FBI Officials

Multiple major privacy and security failures exposed sensitive communications, election infrastructure consolidation, and massive criminal cryptocurrency seizure, alongside new vulnerabilities in authentication and VPNs.
#data-breach
Information security
from www.bbc.com
3 days ago

Outsourcing firm Capita fined £14m after millions had data stolen

Capita was fined £14m after a cyber-attack exposed personal data of 6.6 million people due to insufficient security measures.
Information security
from InfoWorld
12 hours ago

Threat actors are spreading malicious extensions via VS marketplaces

Over 500 Visual Studio extensions contained exposed access tokens and secrets, enabling potential exploitation across thousands of installs due to bundled dotfiles and hardcoded credentials.
from The Hacker News
6 hours ago

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT

The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News.
Information security
Information security
from Techzine Global
1 day ago

Critical infrastructure struggles with AI and quantum threats

Critical infrastructure faces rising AI- and quantum-driven cyber risks despite falling breaches; 73% cite AI ecosystem as top security challenge and quantum threatens encryption.
Information security
from The Hacker News
1 day ago

Identity Security: Your First and Last Line of Defense

Unrestricted autonomous AI agents with system privileges create identity-based attack surfaces that must be governed and proven secure to prevent catastrophic automation failures.
from www.amny.com
22 hours ago

Column | Final Phase for NY Cybersecurity Regulation: Is Your Financial Institution in Compliance? | amNewYork

In August, the New York State Department of Financial Services reached agreement with Healthplex, Inc., a licensed insurance agent and independent adjuster, to pay a $2 million civil penalty after a hacker executed a phishing attack on an employee's email and gained access to the private health data and sensitive nonpublic information of tens of thousands of Healthplex consumers. Eight years in the making, the final phase of New York's groundbreaking Cybersecurity Regulation Part 500 takes effect Nov. 1.
Information security
from Securitymagazine
1 day ago

Security Leaders Share Why 77% Organizations Lose Data Due to Insider Risks

"Every day, organizations face a spectrum of insider risk, from accidental missteps to deliberate sabotage," states Dr. Margaret Cunningham, Vice President of Security & AI Strategy at Darktrace. "The high-profile cases we see in headlines - sabotage, bribery, espionage - are real and damaging, but they're relatively rare. The daily reality is far more mundane: employees forwarding files to personal accounts, bypassing controls to meet deadlines, or uploading sensitive data into unsanctioned AI tools. These 'tiny crimes' are normalized behaviors that, at scale, create significant organizational risk."
Information security
Information security
from IT Pro
1 day ago

Thousands of exposed civil servant passwords are up for grabs online

Over 3,000 UK civil servants' passwords were exposed publicly, with hundreds of unique and repeated credentials across multiple government departments and councils.
Information security
from Techzine Global
1 day ago

Hackers exploit Cisco vulnerability to install rootkit on switches

Operation Zero Disco exploits a Cisco SNMP zero-day (CVE-2025-20352) to install persistent Linux rootkits on vulnerable IOS and IOS XE switches.
#cybersecurity
from Irish Independent
1 day ago
Information security

'Shame on you!' - Brian O'Driscoll's speech interrupted by protesters at tech event linked to Israeli military

from Securitymagazine
4 days ago
Information security

Cyber Resilience Now: Why 2025 Demands a Shift from Defense to Readiness

State-backed cyber campaigns are becoming patient, infrastructure-focused threats; organizations must prioritize resilience—withstanding attacks, recovering rapidly, and maintaining operations amid sophisticated compromises.
from ComputerWeekly.com
4 days ago
Information security

NCSC calls for action after rise in 'nationally significant' cyber incidents | Computer Weekly

UK nationally significant cyber incidents more than doubled to over 200, driven by ransomware and large-scale exploitation of vulnerabilities causing serious disruption.
Information security
from Computerworld
19 hours ago

For October's Patch Tuesday, a scary number of fixes

Microsoft released 175 updates including four zero-day vulnerabilities; Windows systems require immediate patching while other updates can follow normal schedules.
Information security
from InfoQ
1 day ago

Slack Security: Inside the New Anomaly Event Response Architecture

Slack's Anomaly Event Response autonomously detects high-confidence threat behaviors and rapidly terminates affected sessions, reducing detection-to-mitigation time from hours to minutes.
Information security
from The Hacker News
1 day ago

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft revoked over 200 certificates used by Vanilla Tempest to sign fake Teams installers delivering the Oyster backdoor and Rhysida ransomware.
#etherhiding
#oracle-e-business-suite
from Securitymagazine
1 day ago

AI Agents and Holiday Travel: A New Fraud Frontier

Travelers and fraudsters both use AI agents now, creating a challenge for fraud detection teams: How do they tell the difference between a real customer booking their own travel, an automated agent acting on behalf of a user, and an automated malicious agent that is engaging in legitimate user workflows? The problem becomes more complex as fraudsters have already tested these tactics during summer travel and are ready to exploit the busiest travel season of the year: the holidays.
Information security
Information security
from ZDNET
18 hours ago

Dashlane debuts passwordless access to its password manager - but beware this major hitch

Dashlane now supports FIDO passkeys for passwordless desktop logins, aiming to reduce phishing by eliminating passwords, though mobile support arrives later.
from The Hacker News
22 hours ago

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming closer to each other more than ever, even as the latter has been fitted with a new module for keylogging and taking screenshots.
Information security
Information security
from Theregister
1 day ago

'Fax virus' panicked a manager and cost consultant their job

A fax-based virus hoax in a 1990s government office caused alarm, was scanned into email, and was exposed via a Reply-All correction.
from The Cipher Brief
2 days ago

Why the U.S. Is Losing the Cognitive Competition

EXPERT OPINION - In order for the U.S. to successfully compete for global influence against its adversaries and to avoid a kinetic fight, we must excel at cognitive warfare; that is military activities designed to affect attitudes and behaviors. This type of warfare is a subset of irregular warfare (IW) and combines sensitive activities to include information operations, cyber, and psychological operations to meet a goal. To develop these kinds of operations, the U.S. needs intelligence professionals who are creative and experts in their field.
Information security
Information security
from Wordtothewise
23 hours ago

B2B Spam: Strapi, Unstructured and Reo

A unique email given to Strapi for a demo later received unsolicited promotional mail from an unrelated company, indicating a possible unauthorized exposure of Strapi customer contact data.
Information security
from ZDNET
23 hours ago

This tiny travel cable could be the best $15 I've ever spent on security - here's why

Data-blocking USB-C cables allow power delivery up to 240W while blocking data connections to prevent juice jacking during public charging.
Information security
from Slate Magazine
1 day ago

I Got a Fraud Alert Text From My Bank, Then a Phone Call. I Can't Forgive Myself for What Happened Next.

Even financially responsible people can fall for convincing bank-impersonation scams; banks may initially miss fraud, recovery can take months, and victims should avoid self-blame.
#phishing
from IT Pro
2 days ago
Information security

77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thing

Security leaders click phishing links at high rates while often punishing staff, and improved, education-first training significantly reduces long-term phishing risk.
from IT Pro
2 days ago
Information security

Been offered a job at Google? Think again. This new phishing scam is duping tech workers looking for a career change

Google Careers-themed phishing campaign targets tech workers by impersonating recruiter outreach, using fake scheduling pages and Captchas to capture contact details and steal login credentials.
#f5
from IT Pro
2 days ago
Information security

Hackers stole source code, bug details in disastrous F5 security incident - here's everything we know and how to protect yourself

from Nextgov.com
2 days ago
Information security

CISA orders government to patch F5 products after 'nation-state' cyber intrusion

#f5-breach
from WIRED
1 day ago
Information security

Why the F5 Hack Created an 'Imminent Threat' for Thousands of Networks

A nation-state hacking group breached F5, accessed BIG-IP build systems, source code, and customer configurations, creating an imminent supply-chain threat to thousands of sensitive networks.
from Ars Technica
2 days ago
Information security

Breach of F5 requires "emergency action" from BIG-IP users, feds warn

A nation-state hacking group breached F5, stole BIG-IP build systems, source code, and customer configurations, creating imminent supply-chain exploitation risk for thousands of networks.
Information security
from Securitymagazine
2 days ago

Don't Wait, Advocate: K-12 Cybersecurity Needs Our Help

Expiration of CISA 2015 heightens K-12 cyberrisk by removing safe information-sharing, forcing schools and governments to adopt new structures to protect students and their data.
Information security
from Techzine Global
2 days ago

Chinese state hackers prime suspects in F5 breach

China-linked state hackers breached F5's BIG-IP development environment, stole portions of source code, maintained access for at least twelve months, and forced urgent worldwide patching.
Information security
from IT Pro
2 days ago

Cloud security: How to detect breaches and stop them quickly

Slow detection and remediation leave cloud breaches exposed: only 9% detected within an hour and most enterprises take over 24 hours to recover.
from Fortune
1 day ago

Gen Z's digital native status is a double-edged sword. They have cyber blind spots | Fortune

Members of Gen Z are often referred to as "digital natives." They were born and raised in the internet era and have been engaging with computers, tablets, smartphones, and other connected devices from an early age. In many ways, this gives Gen Z an advantage in today's increasingly digital working environments-but that isn't always the case. In fact, research has consistently shown that each generation has its own unique blind spots when it comes to safely navigating the digital realm.
Information security
Information security
from The Hacker News
2 days ago

Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform

Traditional SOC models cannot scale; AI-driven automation and a mindset shift are required to handle overwhelming alert volumes and improve detection and response.
Information security
from ComputerWeekly.com
2 days ago

Gitex 2025: Help AG aims to be global cyber force as UAE leads AI security transformation | Computer Weekly

Help AG delivers sovereign, regulation-aligned cyber security and AI-driven services to governments and critical industries, expanding from the GCC into global markets.
from The Hacker News
2 days ago

Beware the Hidden Costs of Pen Testing

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money - while producing inferior results. The benefits of pen testing are clear. By empowering "white hat" hackers to attempt to breach your system using similar tools and techniques to an adversary, pen testing can provide reassurance that your IT set-up is secure. Perhaps more importantly, it can also flag areas for improvement.
Information security
#ransomware
from The Walrus
2 days ago
Information security

The Cyberattack That Stole 280,000 Identities-and Showed How Easily We Can Be Duped | The Walrus

from DataBreaches.Net
2 days ago
Information security

The Alliance That Wasn't: A Critical Analysis of ReliaQuest's Q3 2025 Ransomware Report - DataBreaches.Net

from The Hacker News
2 days ago

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
Information security
Information security
from Zero Day Initiative
1 day ago

Zero Day Initiative - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More!

Master of Pwn awards a trophy and 65,000 ZDI points; points are earned per successful attempt and determine the overall Pwn2Own winner.
from Theregister
1 day ago

CVE, CVSS scores need overhauling, argues Codific CEO

His analysis cites academic research published in August as part of the USENIX Security Symposium. The paper, "Confusing Value with Enumeration: Studying the Use of CVEs in Academia," (Moritz Schloegel et al.), reports that 34 percent of 1,803 CVEs cited in research papers over the past five years either have not been publicly confirmed or have been disputed by maintainers of the supposedly vulnerable software projects. The authors argue that CVEs should not be taken as a proxy for the real-world impact of claimed vulnerabilities.
Information security
from DataBreaches.Net
2 days ago

Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate - DataBreaches.Net

The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation's reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable threat groups extorting organizations today. Most notably, they recently claimed responsibility for the September ransomware attack that crippled operations and manufacturing functions at Japanese brewing conglomerate, Asahi Group Holdings, for nearly two weeks.
Information security
Information security
from Theregister
2 days ago

Microsoft patches ASP.NET Core bug rated highly critical

A critical Kestrel request smuggling vulnerability in ASP.NET Core (CVE-2025-55315) can hide requests to bypass authentication and security checks; patch urgently.
from ZDNET
1 day ago

Still on Windows 10? Here's what Microsoft Defender can and can't do for you

You probably know by now that 10-year-old Windows 10 is no longer supported. Microsoft won't provide bug fixes, security patches, or other important updates to defend these PCs against new vulnerabilities. However, if you're still running Windows 10, the good news is Microsoft Defender will still protect your computer against viruses and other threats. Protected by Defender In a Tuesday blog post spotted by the folks at Neowin, Microsoft explained how Defender in its different incarnations will continue to work as expected in Windows 10.
Information security
Information security
from InfoQ
2 days ago

Pixnapping: Side-Channel Vulnerability Allows Android Apps to Capture Sensitive Screen Data

Pixnapping is a new Android attack that steals on-screen pixels from other apps, compromising sensitive data in virtually all apps.
Information security
from ZDNET
1 day ago

Set up this new Google account recovery feature ASAP - and never get locked out again

Assign trusted recovery contacts to help regain access to a Google account and configure up to ten contacts for account recovery.
from ZDNET
1 day ago

ClickFix attacks are surging, and Microsoft says you are the only defense

The tech giant published its latest Microsoft Digital Defense Report on Thursday. On average, Microsoft processes over 100 trillion signals every day, blocks approximately 4.5 million new malware attempts, screens 5 billion emails for malware and phishing, and scrutinizes approximately 38 million identity risk detections, which grants the company the data needed to provide a thorough overview of current cybercriminal trends, tactics, and techniques.
Information security
Information security
from Fast Company
1 day ago

Russia, China crank up AI-powered cyberattacks on the U.S., Microsoft warns

Adversarial states and criminal groups increasingly use AI to create deceptive content and bolster cyberattacks against U.S. targets and critical infrastructure.
Information security
from ChannelPro
1 day ago

Observability opens up new opportunities for the channel

Observability platforms are rapidly growing, creating SaaS opportunities for channel partners as organizations invest to protect cloud investments and improve operational and security visibility.
Information security
from The Hacker News
1 day ago

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

UNC5142 leverages compromised WordPress sites and BNB Smart Chain smart contracts to deliver information-stealing malware to Windows and macOS systems.
Information security
from Ars Technica
1 day ago

Nation-state hackers deliver malware from "bulletproof" blockchains

Malicious actors are embedding malware in public cryptocurrency smart contracts (EtherHiding) to create tamper-resistant, low-cost bulletproof hosting for malware distribution.
Information security
from Theregister
1 day ago

AI makes phishing 4.5x more effective, Microsoft says

AI-automated phishing emails achieve 54% click-through rates, making recipients 4.5 times likelier to click and potentially increasing phishing profitability up to 50-fold.
Information security
from Theregister
1 day ago

Locked out of your Gmail account? Google says call a friend

Gmail allows users to designate trusted contacts who can receive recovery codes and assist account recovery when other authentication methods are unavailable.
Information security
from DataBreaches.Net
2 days ago

Gov't seeks police probe of KT for allegedly obstructing data breach investigation - DataBreaches.Net

KT allegedly obstructed a government probe into unauthorized mobile-payment breaches by submitting false server disposal timing information and concealing backup logs and evidence.
Information security
from Theregister
1 day ago

Chinese cyberspies compromised Russian tech provider

Chinese state-linked APT group Jewelbug compromised a Russian IT services firm from early 2025 to May, risking software supply-chain attacks on customers.
Information security
from ZDNET
2 days ago

Scam texts net over $1 billion for cyber gangs - how to avoid their traps

Chinese-run scam networks use SIM farms and US-based mules to phish payment data, clone cards, buy luxury goods, and steal over $1 billion.
from The Hacker News
1 day ago

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

"This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other hand to be remotely activated upon receiving a 'magic packet,'" security researcher Théo Letailleur said. The infection, per the French cybersecurity company, involved the attackers exploiting an exposed Jenkins server vulnerable to CVE-2024-23897 as the starting point, following which a malicious Docker Hub image named "kvlnt/vv" (now removed) was deployed on several Kubernetes clusters.
Information security
Information security
from TechCrunch
1 day ago

Amazon's Ring to partner with Flock, a network of AI cameras used by ICE, feds, and police | TechCrunch

Ring partnered with Flock, allowing agencies to request Ring users' footage and expanding law enforcement access while raising privacy, bias, and security concerns.
Information security
from Techzine Global
2 days ago

Qualys expands ETM security platform with identity security and better insight into threats

Qualys ETM introduces AI-driven ETM Identity, TruLens, and TruConfirm to predict and prevent cyber threats by securing identities, feeding real-time threat intelligence, and automating responses.
from The Hacker News
3 days ago

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Red Lion's Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors. These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet "Universal" protocol used to interface and enable communication between the kit and the RTUs.
Information security
#f5-networks
from TechCrunch
2 days ago
Information security

Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch

from ComputerWeekly.com
3 days ago

China responsible for rising cyber attacks, says NCSC | Computer Weekly

The NCSC also reported that hostile states are using artificial intelligence (AI) to increase the efficiency and frequency of their existing attack methods, but are not yet using the technology for novel attacks. Actors linked to China, Russia, Iran and North Korea are starting to use large language models to evade detection, exfiltrate data, research security vulnerabilities and devise social engineering to gain access to systems.
Information security
from The Hacker News
3 days ago

How Attackers Bypass Synced Passkeys

Passkeys are credentials stored in an authenticator. Some are device-bound, others are synced across devices through consumer cloud services like iCloud and Google Cloud. Sync improves usability and recovery in low-security, consumer-facing scenarios, but shifts the trust boundary to cloud accounts and recovery workflows. The FIDO Alliance and Yubico have both issued important advisories for enterprises to evaluate this split and to prefer device-bound options for higher assurance.
Information security
Information security
from Securitymagazine
3 days ago

CISOs Under Pressure: How Security Leaders Can Reclaim Their Seat at the Board Table

CISO-board alignment is eroding as reputational concerns and cost-centered metrics silence disclosure and weaken security influence, increasing breach risk and financial impact.
Information security
from The Hacker News
3 days ago

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP released patches for 13 vulnerabilities including a CVSS 10.0 insecure deserialization in NetWeaver AS Java enabling arbitrary OS command execution.
Information security
from InfoQ
3 days ago

HashiCorp Warns Traditional Secret Scanning Tools Are Falling Behind

Traditional secret scanning tools fail to prevent secret exposure; prevention-first integration across developer tools, CI/CD pipelines, and incident response is required.
Information security
from ChannelPro
3 days ago

Future-proofing cybersecurity: Understanding Quantum-Safe AI and how to create resilient defences.

Quantum computing threatens current public-key encryption, prompting deployment of NIST-standard post-quantum algorithms for secure key exchange and digital signatures.
Information security
from IT Pro
3 days ago

Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens - Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since July

Whisper 2FA is a PhaaS tool that steals credentials and MFA tokens from Microsoft 365 accounts while evading detection through advanced obfuscation.
from The Hacker News
3 days ago

Two New Windows Zero-Days Exploited in the Wild - One Affects Every Version Ever Shipped

Of the 183 vulnerabilities, eight of them are non-Microsoft issued CVEs. As many as 165 flaws have been rated as Important in severity, followed by 17 as Critical and one as Moderate. The vast majority of them relate to elevation of privilege vulnerabilities (84), with remote code execution (33), information disclosure (28), spoofing (14), denial-of-service (11), and security feature bypass (11) issues accounting for the rest of them.
Information security
from ZDNET
3 days ago

5 ways the Linux nmap command can help keep your network secure

The nmap command (short for network mapper) is a network exploration/security auditing tool that can rapidly scan networks to help you find out what hosts are available. With nmap, you can discover open ports and services, and even find out what operating systems are on your network. I've used nmap to find out what machines are on a network and what ports/services are open. If I find a port that shouldn't be open, I can close it to avoid security issues.
Information security
from The Hacker News
2 days ago

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

"A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base," Wiz security researcher Rami McCarthy said in a report shared with The Hacker News. "An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base."
Information security
Information security
from ComputerWeekly.com
2 days ago

Patch Tuesday: Windows 10 end of life pain for IT departments | Computer Weekly

A legacy Agere modem kernel driver (ltmdm64.sys) contains a zero-day (CVE-2025-24990) used for privilege escalation, and Microsoft removed the driver to eliminate the risk.
Information security
from The Hacker News
2 days ago

Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months

China-linked Jewelbug conducted a five-month intrusion into a Russian IT service provider, accessing code repositories and exfiltrating data to Yandex Cloud.
Information security
from ComputerWeekly.com
3 days ago

Singapore Transport Authority enhances critical railway infrastructure with optical LAN | Computer Weekly

Singapore's LTA deployed Nokia IP/MPLS and fibre optical LAN solutions to deliver high-availability, reliable, secure real-time CCTV surveillance across its rail network.
Information security
from ZDNET
3 days ago

Why Windows 11 requires a TPM - and how you can get around it

A TPM is a secure cryptoprocessor that stores keys and performs cryptographic operations to enable features like Secure Boot, BitLocker, and Windows Hello.
Information security
from ZDNET
3 days ago

Windows 10's final update is a big one - with a record 173 bug fixes

Microsoft delivered 173 security fixes in October, marking the final Patch Tuesday for Windows 10 while new features were reserved for Windows 11.
Information security
from The Hacker News
4 days ago

Moving Beyond Awareness: How Threat Hunting Builds Readiness

Security awareness campaigns raise awareness but must be paired with continuous validation and proactive threat hunting to sustain security and prevent lapses.
Information security
from ComputerWeekly.com
3 days ago

Cohesity CEO: 'The Middle East is moving faster than any other region in data resilience' | Computer Weekly

Cohesity provides an immutable, zero‑trust cyber resilience platform using generative AI to secure, detect, and rapidly recover enterprise data globally and in the Middle East.