The Board of the Python Software Foundation has resolved to amend the Bylaws, effective July 23, 2025, to remove a condition preventing compliance with data privacy laws.
The Geco color picker extension, while appearing safe and helpful, hijacks browser sessions, tracks user activities, and backdoors victims' web browsers, highlighting significant security concerns.
Consumers in Ireland are facing confusion as legitimate text messages are being flagged as scams under the new ComReg scheme. Patients receive 'likely scam' notifications for appointments, despite hospitals being verified.
For the first time this year, Microsoft has released a Patch Tuesday bundle with no exploited security problems, although one has been made public. July's software flaw fix package includes 130 patches, one of which earns a CVSS score of over nine: CVE-2025-47981, a heap-based buffer overflow that breaks SPNEGO security protocols and allows remote code execution. The other nine critical issues include four in Office that allow for remote code execution.
Genevieve Stark, head of cybercrime analysis at Google Threat Intelligence Group, noted that "instability within the extortion ecosystem can have serious implications for ransomware and data theft extortion victims."
"I got really good at buying drugs," she says with a laugh. "So I was recruited by the Pennsylvania Attorney General's Office, Bureau of Narcotics and spent the last 10 years of my law enforcement career there."
Cisco has released patches for a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, CVE-2025-20309, carries a CVSS score of 10.0 and allows an attacker to log in using the root account with static credentials that cannot be changed. Cisco advises users to upgrade to the latest version or apply the CSCwp27755 patch, as there are no workarounds.
Researchers found that verified extensions in Visual Studio Code, Visual Studio, and IntelliJ IDEA can retain their checkmark after being modified, allowing malicious versions to maintain trusted status.
Cloudflare's new tool empowers publishers to effectively block AI crawlers at the click of a button, marking a significant victory in their battle against content theft.
Healthline Media LLC will pay $1.55 million in penalties for privacy violations under a pending settlement with California Attorney General Rob Bonta. The settlement is the largest for violations under the California Consumer Privacy Act. The website publisher did not allow consumers to opt out of targeted advertising, and it shared data without proper protections.