Microsoft has patched two critical vulnerabilities in its Remote Desktop services that could allow attackers to execute malicious code remotely, the company said in its May 2025 Patch Tuesday release. The flaws—tracked as CVE-2025-29966 and CVE-2025-29967—affect the Remote Desktop Client and Gateway Service. Both are heap-based buffer overflow vulnerabilities with high CVSS scores, enabling remote […]
Microsoft released security updates addressing 75 vulnerabilities as part of its May Patch Tuesday rollout, with 11 of those flaws rated as critical in severity. The update includes fixes for five vulnerabilities that are currently being exploited in the wild, posing heightened risk to users and organizations. Additionally, two other vulnerabilities patched in this cycle […]
Google Cloud is introducing AI-powered agents under its Gemini in Security suite, aimed at transforming cybersecurity operations by streamlining routine tasks and enhancing efficiency. The tools are designed to alleviate the manual workload of security teams, particularly by automating repetitive functions and accelerating technical processes such as the generation of regular expressions—a common but time-consuming […]
Cisco Systems is signaling a bold move into quantum computing by unveiling plans to interconnect smaller quantum machines into a unified, large-scale system. While much of the initiative remains in the theoretical and prototype stages, the company’s decision to disclose its ambitions underscores a strong internal belief in the viability of its approach. The announcement […]
A Chinese state-linked threat actor identified as Chaya_004 has been observed exploiting a critical remote code execution vulnerability in SAP NetWeaver, researchers at Forescout Vedere Labs said in a report released Tuesday. The flaw, tracked as CVE-2025-31324, carries a maximum CVSS severity score of 10.0 and has been under active exploitation since April 29, 2025. […]
Roblox Corp. is facing a lawsuit that accuses the gaming platform of covertly tracking children’s online behavior to profit from their personal data. According to a report by Hackread, the legal complaint alleges that Roblox used hidden tracking tools embedded within its platform to collect data from underage users without obtaining proper consent. The lawsuit […]
Microsoft has identified a zero-day vulnerability exploited in a cyber-espionage campaign targeting Kurdish military operations in Iraq, the company said. The attacks involve hackers aligned with the Turkish government who have breached Output Messenger, a workplace communication platform, to monitor cross-border activities. According to the tech giant, the threat actors used the software’s weaknesses to […]
Proofpoint Inc., a major player in the cybersecurity sector, has agreed to acquire Hornetsecurity, a European cloud security firm based in Germany, in a deal valued at more than $1 billion. The acquisition is expected to close later this year, pending regulatory approvals and customary closing conditions. Hornetsecurity specializes in safeguarding companies from cloud-based threats, […]
European Digital Rights (EDRi), a civil society group focused on digital rights, has urged the European Commission to uphold the General Data Protection Regulation (GDPR) amid concerns it may be reopened for revision. In a public statement, the organization warned that altering the landmark privacy law could jeopardize fundamental rights and weaken accountability in the […]
The FBI has issued a warning about a growing wave of scams using artificial intelligence to replicate the voices of U.S. government officials. According to the agency, cybercriminals are leveraging advanced AI tools to create convincing audio deepfakes, deceiving victims into believing they are speaking with federal authorities. These voice-cloning schemes are being used to […]
Google released a critical security update for its Chrome browser on May 21, patching eight vulnerabilities—including a high-severity flaw that could enable remote code execution. The most pressing issue, tracked as CVE-2025-5063, is a “use-after-free” vulnerability in Chrome’s Compositing system, which could allow attackers to run malicious code by luring users to compromised websites. The […]
A newly identified technique is allowing threat actors to bypass SentinelOne’s endpoint detection and response (EDR) system, enabling the deployment of Babuk ransomware without triggering alerts, according to Aon’s Stroz Friedberg Incident Response team. Dubbed “Bring Your Own Installer,” the method exploits a flaw in SentinelOne’s agent upgrade process, terminating protection processes and leaving systems […]