Collaborate Disseminate
By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique that r… Continue reading Microsoft introduces protection against email bombing
If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. What is Sudo? Sudo is comma… Continue reading Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)
Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,… Continue reading Google patches actively exploited Chrome (CVE‑2025‑6554)
While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which … Continue reading CitrixBleed 2 might be actively exploited (CVE-2025-5777)
A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is bein… Continue reading Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)
Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evide… Continue reading Windows 10: How to get security updates for free until 2026
Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall … Continue reading Trojanized SonicWall NetExtender app exfiltrates VPN credentials
A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 20… Continue reading High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has announced. This is intended to be an ongoing process and Microsoft is planning to … Continue reading Microsoft will start removing legacy drivers from Windows Update
The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets. The CoinMarketCap compromise CoinMarketCap (aka CMC) is a website popu… Continue reading CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets