SAP Patches Critical RCE and Injection Flaws

SAP rolled out a new set of patches addressing critical vulnerabilities that expose enterprise systems to remote code execution and injection attacks. The November Security Patch Day update includes 18 new security notes and two revisions, reinforcing SAP’s efforts to secure its product line. Among the most severe flaws is CVE-2025-42890, a critical vulnerability in […]

HydraPWK Challenges Kali With Leaner Hacking OS

The HydraPWK project has rolled out its Apes-T1 snapshot, enhancing its Linux-based penetration testing platform with improved compliance and usability. In this update, HydraPWK challenges Kali by replacing Elasticsearch with OpenSearch, addressing licensing concerns while boosting performance for embedded system assessments. Designed for real-time industrial operations, HydraPWK integrates OpenSearch Dashboards with Arkime to deliver […]

UK Defence Taps IBM in £320 Million Tech Deal

The UK Ministry of Defence has awarded IBM a £320 million contract to develop and support an integrated digital platform for managing military equipment. As UK Defence taps IBM for this major investment, the platform is expected to streamline asset tracking, logistics, and maintenance across all service branches. The contract forms part of the MoD’s […]

UK Justice Ministry Launches Drone Defense Contest

The UK Justice Ministry has launched a new technology challenge to address the growing threat of drones attempting to breach prison security. The initiative seeks innovative solutions that can detect, track, or disrupt unauthorized drone activity near correctional facilities. The program will offer funding to successful applicants, enabling them to develop proof-of-concept technologies aimed at […]

Forescout Warns xIoT Growth Outpaces Infrastructure Security

Forescout warns xIoT growth is rapidly outpacing existing security measures across critical infrastructure, exposing operational environments to increasing cyber risk. According to new research released by the cybersecurity firm, the expanding extended Internet of Things (xIoT) ecosystem now includes a broad range of interconnected devices that lack adequate protections. The report highlights that essential sectors—such […]

Google Patches Critical Android Remote Code Flaw

Google patched two vulnerabilities in Android’s System component as part of its November 2025 security update, including a critical flaw that could enable remote code execution without user interaction. The 2025-11-01 patch level, released this month, addresses both issues. Google patches critical Android flaws regularly, but this month’s update focuses solely on these two. The […]

U.S. Weighs TP-Link Router Ban on China Security Risk

The U.S. is weighing TP-Link router restrictions as multiple federal agencies move to address rising national security concerns tied to the company’s links with China. According to a report from The Washington Post, the Commerce Department, Justice Department, Department of Homeland Security, and Department of Defense have jointly proposed a ban on future sales of TP-Link […]

Microsoft Finds Malware Using OpenAI for Attacks

Microsoft security researchers have identified a new malware strain, dubbed SesameOp, that leverages OpenAI’s Assistants API to establish a covert command-and-control channel. In this latest discovery, Microsoft finds malware using OpenAI to evade detection and maintain persistent access to compromised systems. The attackers exploit the legitimate AI platform to issue instructions and receive stolen data […]

Apple Fixes iOS Flaws Threatening Privacy, Data Security

Apple rolled out iOS 26.1 and iPadOS 26.1 this week, delivering critical security patches for more than 50 vulnerabilities that could expose user data or crash core apps. The update spans iPhone 11 and newer, alongside a range of iPad models. Apple fixes iOS flaws by improving memory handling, tightening sandbox enforcement, and restricting app […]

Hackers Scan WSUS Ports in Hunt for New CVE Flaw

Hackers are scanning WSUS ports 8530 and 8531 in rising numbers, targeting a critical vulnerability identified as CVE-2025-59287. Cybersecurity researchers and firewall monitoring firms have reported a sharp increase in network reconnaissance aimed at Windows Server Update Services (WSUS) infrastructure. Experts link this activity to potential exploitation efforts as attackers seek to identify unpatched systems. The […]

Microsoft Uncovers OpenAI Abuse in SesameOp Hack

Microsoft uncovered a new cyber threat dubbed “SesameOp,” a stealthy backdoor that exploits OpenAI’s Assistants API to conduct command-and-control operations. Unlike conventional malware that uses standard communication channels, SesameOp leverages the AI interface to evade detection, prompting concerns about novel abuse vectors. Microsoft uncovers OpenAI abuse in this context as part of a broader analysis […]

PQShield, Carahsoft Bring Quantum-Safe Tech to U.S. Govt

Cybersecurity firm PQShield has joined forces with government IT solutions provider Carahsoft to expand access to post-quantum cryptography tools across U.S. government agencies. The collaboration, which sees PQShield and Carahsoft bring quantum-ready encryption solutions to the public sector, aims to strengthen defenses against future quantum computing threats. The partnership allows federal, state and local agencies to […]