Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction. READ MORE...
Lee Enterprises, a leading U.S. newspaper chain, said it is investigating a cybersecurity incident that led to disruption of the company's operations, according to a Friday securities filing. Lee Enterprises has notified law enforcement and is working with third-party forensic specialists to restore its systems and figure out the full extent of the impact. The company is reviewing the full impact of the attack on its financial condition, operations and internal controls. READ MORE...
Industrial giants Schneider Electric and Siemens have released their February 2025 Patch Tuesday ICS security advisories. Siemens has published 14 new advisories covering a total of approximately 100 vulnerabilities. This includes roughly 70 third-party component issues addressed in Scalance W devices. Schneider Electric has published four new advisories covering a total of nine vulnerabilities. READ MORE...
Intel, which in 2024 patched a total of 374 vulnerabilities, published 34 new advisories on Tuesday. Only one advisory has an overall severity rating of 'critical'. It describes Server Board BMC vulnerabilities that can lead to privilege escalation, information disclosure and denial of service (DoS). Intel Server Board products are affected by a critical unauthenticated privilege escalation issue introduced by the use of AMI BMC firmware. READ MORE...
Ivanti and Fortinet on Tuesday announced patches for vulnerabilities found recently in their product portfolios, including critical- and high-severity flaws that could lead to remote code execution. Ivanti rolled out fixes for 11 security defects across Connect Secure (ICS), Policy Secure (IPS), Secure Access Client (ISAC), Neurons for MDM (N-MDM), and Cloud Services Application (CSA). READ MORE...
While you might think you're hitting the jackpot, whether you've consented to it or not, online gambling sites are playing with your data. Users' data, including details of webpages they visited and buttons they clicked, are being shared with Meta, Facebook's parent company. The Observer reports that over 150 UK gambling websites have been extracting visitor data through a hidden embedded tracking tool, and then sending that data to Meta in order to profile people as gamblers. READ MORE...
As an online seller, you're already juggling product listings, customer service and marketing-so the last thing you need is to be targeted by scammers. Unfortunately, a new scam is making the rounds, and it's crucial to recognize the warning signs before you fall victim. In this post, we'll walk you through exactly how this scam works, show you what to watch out for, and give you tips on keeping your Etsy account secure. READ MORE...
Researchers discovered two active exploits of zero-day vulnerabilities in warehouse management software platform VeraCore. The zero-day flaws were used in cyberattacks by a cybercriminal gang known as XE Group, which was first observed in 2013 and has previously focused on credit card-skimming and password-stealing malware, according to researchers at Intezer and Solis Security, who spotted the attacks. READ MORE...
In the nascent field of AI hacking, indirect prompt injection has become a basic building block for inducing chatbots to exfiltrate sensitive data or perform other malicious actions. Developers of platforms such as Google's Gemini and OpenAI's ChatGPT are generally good at plugging these security holes, but hackers keep finding new ways to poke through them again and again. Researcher Johann Rehberger demonstrated a new way to override prompt injection defenses Google built into Gemini. READ MORE...