Collaborate Disseminate
Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew out information that may benefit them, such as phishi… Continue reading You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code
Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Mana… Continue reading Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)
Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today… Continue reading Qantas data breach could affect 6 million customers
By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique that r… Continue reading Microsoft introduces protection against email bombing
If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. What is Sudo? Sudo is comma… Continue reading Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)
Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,… Continue reading Google patches actively exploited Chrome (CVE‑2025‑6554)
While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which … Continue reading CitrixBleed 2 might be actively exploited (CVE-2025-5777)
A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is bein… Continue reading Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)
Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evide… Continue reading Windows 10: How to get security updates for free until 2026
Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall … Continue reading Trojanized SonicWall NetExtender app exfiltrates VPN credentials