Image source: Martin Leber, Shutterstock A who’s who of the tech industry has rallied behind Anthropic’s plan to use a powerful, unreleased AI model to hunt down dangerous software flaws. Here’s what…
2 Zero-Days and 18 Other High Risk Vulns in Microsoft’s April Update
Image source: The KonG, Shutterstock In total, the company released fixes for 165 CVEs this Patch Tuesday Microsoft released fixes for 165 CVEs this month. That is the second highest set of…
Criminals Weaponize Microsoft’s Device Code Authentication in Widescale Phishing Operation
Image source: Honeybe, Shutterstock Researchers at Microsoft have documented a clever Phishing-as-a-Service operation that abuses the OAuth 2.0 device code authorization flow to harvest valid session tokens. Hundreds of organizations have fallen…
Iran-Linked Actors Disrupt Rockwell/Allen Bradley PLCs
Image source: HakanGider, Shutterstock CISA, FBI, other agencies say organizations across multiple critical sectors have experienced operational disruptions and financial losses from the attacks. Iran-affiliated advanced persistent threat groups have successfully compromised…
Are Your Systems Patched Against Storm-1175 Attacks?
Image source: Antony McAulay, Shutterstock The threat actor is exploiting more than 17 flaws in high-velocity campaigns to distribute Medusa ransomware, according to Microsoft. A financially motivated threat actor whom Microsoft is…
Calendar Invite Hijacks Gemini AI
Image source: mundissima via Shutterstock Tel Aviv University-led team shows how attackers can weaponize Google Calendar to manipulate connected home systems through AI exploits. New research has shown how attackers can weaponize…
12 Bugs in Microsoft’s April 2025 Update to Patch Now
Image source: QINQIE99,Shutterstock One of them is a 0-day that a threat actor is using in an ransomware campaign Microsoft has released fixes for 126 vulnerabilities in its April 2025 Patch Tuesday…
NSA, CISA, Others Warn About Fast Flux Threat: Here’s Why
Image source: Shutterstock Enterprise organizations, ISPs and security services providers are not adequately prepared to protect against attacks that leverage the technique, authoring agencies say. The NSA, CISA, and international partners have…
Max Severity Bug Affects MITRE Caldera Adversary Emulation Platform
Image source: MITRE Caldera Users should patch immediately to mitigate risk, Caldera security team says. MITRE’s Caldera team has patched a maximum severity remote code execution bug in the adversary emulation platform…
FBI: Russia’s APT29 May Exploit These 24 vulnerabilities-Be Aware
Image source: Shutterstock Recent flaws that the state-affiliated actor has exploited widely include CVE-2023-42793 in JetBrains TeamCity and CVE-2022-27924 in Zimbra. The FBI in collaboration with the National Security Agency, Cyber National…