Federal officials are urging U.S. companies to bolster their cybersecurity defenses following escalating tensions in the Middle East. Iran strikes prompt U.S. agencies to warn that retaliatory cyber operations could soon target critical infrastructure, including energy, transportation and communication systems. The Department of Homeland Security has advised businesses to assess vulnerabilities and prepare incident response […]
Cybersecurity firm Claroty has uncovered significant vulnerabilities across building management systems, revealing widespread exposure to ransomware threats and insecure internet configurations. In its latest findings, Claroty finds ransomware risks tied to known exploited vulnerabilities (KEVs) that attackers could weaponize to disrupt critical infrastructure operations. The report highlights numerous systems with direct internet exposure, increasing the […]
The European Cyber Security Organisation announced that Dr. Joanna Świątkowska will assume the role of Secretary General starting July 2025. ECSO names Świątkowska successor to founding Secretary General Dr. Luigi Rebuffi, who has led the organization since its inception. The appointment marks a significant leadership transition for ECSO, which plays a central role in strengthening […]
Citrix has issued patches for a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that attackers exploited as a zero-day. The Citrix ZeroDay Flaw Hit impacted systems before security teams could deploy fixes, prompting urgent updates across affected infrastructure. The company confirmed the exploitation and addressed the issue through newly released security updates. […]
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active threats to critical systems. CISA flags D-Link flaws among the trio, alongside issues affecting AMI’s MegaRAC and Fortinet’s FortiOS. The agency urged immediate mitigation to reduce potential exposure to attacks. The vulnerabilities include […]
WinRAR has released a security update to resolve a directory traversal vulnerability identified as CVE-2025-6218. Under specific conditions, the flaw could allow malware to execute automatically after a user extracts a specially crafted archive. This update follows reports that threat actors might exploit the vulnerability to bypass standard file extraction safety measures. WinRAR fixes flaw […]
NHS England backs Medicus as the first supplier to deliver a fully assured core IT system for general practitioners under its new Tech Innovation Framework. The approval marks a significant step in modernizing digital infrastructure across primary care, aiming to streamline clinical operations and improve patient outcomes. The system, developed by Medicus Health, passed all […]
Mozilla has released Firefox 140, addressing a collection of critical security vulnerabilities that include a high-severity code execution flaw. Firefox 140 patches critical issues such as CVE-2025-6424, a use-after-free bug in the FontFaceSet component, which could allow attackers to execute arbitrary code on targeted systems. The update resolves 12 security flaws, including CVE-2025-6436, a group […]
A newly discovered vulnerability in Realtek’s RTL8762E SDK v1.4.0 exposes devices to denial-of-service attacks via the Bluetooth Low Energy Secure Connections pairing protocol. The Realtek Bluetooth Flaw Lets attackers exploit improper protocol state validation during the pairing process, enabling disruption without requiring authentication or elevated privileges. Researchers identified the flaw in the RTL8762EKF-EVB development board, […]
A British citizen known online as IntelBroker has been charged by U.S. authorities for a series of cyberattacks that allegedly resulted in $25 million in damages. The individual reportedly stole and sold sensitive data from dozens of victims, targeting both private entities and public organizations. British hacker IntelBroker charged in connection with these breaches is […]
Cisco has issued an urgent warning regarding critical security flaws in its Identity Services Engine (ISE) platform, with vulnerabilities rated at the highest severity level. The company flagged the issues as part of its latest security advisory, stating that the flaws could allow remote attackers to execute arbitrary code on affected systems. Cisco flags 10.0 […]
Hackers twist ScreenConnect into a new cyber threat by manipulating the installer’s digital signature, turning the legitimate remote access tool into a vehicle for malware. According to recent findings, threat actors are exploiting the ConnectWise ScreenConnect client by altering concealed settings within its Authenticode signature. This technique allows them to create signed remote access malware […]