Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available. This month's heavy Patch Tuesday may start to become the norm. READ MORE...
ICS Patch Tuesday advisories were published this month by Siemens, Schneider Electric, and Phoenix Contact. Siemens published only four new advisories. In Sinec INS, the industrial giant fixed authenticated command execution, information disclosure, privilege escalation, and password exposure flaws. The company also addressed a DoS and potential code execution issue in Siprotec 5, and a sensitive information exposure weakness in WinCC Certificate Manager. READ MORE...
Hackers no longer force open the side-window when infostealers can give them a key to the front door. Infostealers have become the primary source of stolen credentials for attackers. Using these credentials is now a favored route for bad actors to access a target effectively as an invited guest. It is quicker, easier, less visible and more effective than forcing an entry. More than 11.1 million devices were infected with infostealers in 2025, reports Flashpoint. READ MORE...
What would you trade for a technology that can do almost anything? For many people, the answer is clear: Everything they thought they could trust. In a few, short years, Artificial Intelligence (AI) tools have granted people unfettered access to easier writing, faster image generation, quicker coding, and near-instantaneous answers, advice, and information-advantages they value and want. But the same tools can also manipulate the broader world online, and people are noticing. READ MORE...
Meta's smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called "NameTag," into its Meta AI companion app, which powers the company's smart glasses. The code was not active, but its presence in an app installed on more than 50 million devices raised immediate concerns about how quickly using smart glasses could slide into biometric surveillance. READ MORE...
At least two Russia-aligned threat clusters have exploited a high-severity WinRAR flaw that has been patched for nearly a year in email-based attacks against military and government organizations in Ukraine. The findings by Trend Micro are further evidence that the vulnerability, tracked as CVE-2025-8088, continues to be a target for threat actors. Russia-backed threat groups tracked as Shadow-Earth-066 and Earth Dahu, aka Gamaredon, are currently targeting the flaw. READ MORE...
A weakness in certain configurations of Microsoft Exchange enables attackers to send an email from any user to a vulnerable organization. That's according to Swiss cybersecurity firm InfoGuard, which published research today concerning a new vulnerability it described as "Ghost-Sender." Specifically, organizations that use Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter as its mail exchange (MX) record are vulnerable to this level of spoofing. READ MORE...