Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.
F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what it's calling a "highly sophisticated" cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of the breach under Item 1.05(c) of Form 8-K due to ongoing law enforcement considerations.
The Trump administration is pursuing twin strategies to shrink the Cybersecurity and Infrastructure Security Agency, laying off staffers and ordering others to either take new jobs elsewhere or leave the government. The layoffs and forced relocations are the latest phase of the White House's massive downsizing of CISA, which experts warn could further deplete the U.S.'s already weakened cyber-defense force.
Adobe on Tuesday announced patches for over 35 vulnerabilities in its products, including a critical-severity bug in the Adobe Connect collaboration suite. The critical flaw, tracked as CVE-2025-49553 (CVSS score of 9.3), is described as a cross-site scripting (XSS) issue that could be exploited to execute arbitrary code. Fixes for the security defect were included in Adobe Connect version 12.10, which has been rolled out to Windows and macOS systems with patches for two other flaws.
Fortinet and Ivanti have announced their October 2025 Patch Tuesday updates, which fix potentially serious vulnerabilities across their products. Fortinet has published 29 new advisories covering more than 30 vulnerabilities. Several of the flaws have been assigned a 'high severity' rating, including CVE-2025-54988, which impacts FortiDLP due to its use of Apache Tika. Ivanti has announced the availability of patches for vulnerabilities in Endpoint Manager Mobile (EPMM) and Neurons for MDM.
The October 2025 Patch Tuesday has brought advisories from several major ICS/OT vendors, including Siemens, Schneider Electric, Rockwell Automation, ABB, Phoenix Contact, and Moxa. Siemens has published six new advisories, including two that describe critical vulnerabilities. One of them is a critical flaw in TeleControl Server Basic, which can allow an unauthenticated, remote attacker to obtain user password hashes. The attacker can then log in and perform unauthorized operations.
Scientists from several US universities intercepted unencrypted broadcasts through geostationary satellites using only off-the-shelf equipment on a university rooftop. Geostationary satellites move at the same speed as the Earth's rotation, so it seems as though they are always above the same exact location. To maintain this position, they orbit at an altitude of roughly 22,000 miles (36,000 kilometers).
The U.S. government has seized about $15 billion worth of Bitcoin connected to what prosecutors call one of the largest cryptocurrency fraud and human trafficking operations ever uncovered. Federal prosecutors in Brooklyn have charged Chen Zhi, also known as "Vincent," the founder and chairman of Cambodia's Prince Holding Group, with wire fraud conspiracy and money laundering conspiracy. If convicted, Chen faces up to 40 years in prison.
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. The flaw was addressed with an out-of-band security update released over the weekend, which Oracle said could be used to access "sensitive resources." "This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite," reads Oracle's advisory.