Researchers have discovered a supply chain risk in a popular installer authoring tool, which they've described as potentially leading to cyberattacks "comparable in scope to supply chain incidents like SolarWinds." Its developers, however, say it's working as intended. The tool, Advanced Installer, is used for building application installers. After developing their software, vendors turn to it to allow their software to install smoothly on customers' systems. READ MORE...
Japanese media giant Nikkei on Tuesday reported that hackers had gained access to employee Slack accounts, stealing information pertaining to thousands of individuals. Nikkei, which is best known for major financial publications such as The Nikkei and Financial Times, said the incident involved malware stealing Slack credentials from an employee's personal computer. The credentials were then used to access employee Slack accounts. READ MORE...
The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. Apache OpenOffice is a free, open-source office suite that includes word processing, spreadsheets, presentations, graphics, and database tools. It's compatible with major file formats, such as Word and Excel, and runs on multiple operating systems. READ MORE...
Iran has carried out highly targeted phishing attacks against prominent US think tanks this summer. Have you ever wondered what the people who don't like you are saying about you? In that way alone, perhaps, you're rather like the Islamic Republic of Iran. Between June and August 2025, the Iranian government spied on American academics and foreign policy experts, hoping to gather strategic intelligence (or maybe just a little gossip). READ MORE...
Apple disclosed an exceptionally high number of vulnerabilities in core services and components used across its most popular devices, as the tech giant addressed 105 vulnerabilities in MacOS 26.1 and 56 vulnerabilities with the release of iOS 26.1 and iPadOS 26.1. The company's latest security update includes some flaws that affect software spanning iPhones, Macs and iPads. Apple did not report active exploitation of any vulnerabilities it patched Monday. READ MORE...
Nation-state goons and cybercrime rings are experimenting with Gemini to develop a "Thinking Robot" malware module that can rewrite its own code to avoid detection, and build an AI agent that tracks enemies' behavior, according to Google Threat Intelligence Group. In its most recent AI Threat Tracker, published Wednesday, the Chocolate Factory says it observed a shift in adversarial behavior over the past year. READ MORE...
Critical flaws in Microsoft Teams can be used to allow an attacker to manipulate messages, spoof notifications and even impersonate executives, according to a report released Tuesday by Check Point Research. Researchers found four vulnerabilities that allow attackers, including external hackers and malicious insiders, to manipulate Teams messages, conduct business email compromise or forge identities in video calls or phone messages. READ MORE...
AMD will issue a microcode patch for a high-severity vulnerability that could weaken cryptographic keys across Epyc and Ryzen CPUs. The flaw, tracked as CVE-2025-62626 (7.2), affects Zen 5 chips with the 16-bit and 32-bit instruction variants. The bug involves RDSEED, a function that generates high-quality random numbers used by security keys. RDSEED provides the true entropy that's required by apps generating high-strength cryptographic keys. READ MORE...