Pro-Russian hackers blamed for water dam sabotage in Norway
The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valves. The attack occurred in April and is thought to have been a demonstration of Russia's ability to remotely hack critical infrastructure in the country. The head of the PST, Beate Gangås, spoke about the incident saying that it was less of an attempt to cause damage than a display of what the hackers can do. READ MORE...
Cisco Patches Critical Vulnerability in Firewall Management Platform
Cisco has published more than 20 security advisories as part of its August 2025 bundled publication for Secure Firewall Management Center (FMC), Secure Firewall Threat Defense (FTD), and Secure Firewall Adaptive Security Appliance (ASA) products. The most serious vulnerability - based on its severity rating - is CVE-2025-20265, a critical flaw affecting the Secure FMC platform designed for managing and monitoring Cisco FTD appliances and other security solutions. READ MORE...
Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products
Rockwell Automation this week published several advisories describing critical- and high-severity vulnerabilities found recently in its products. The industrial automation giant has informed customers about critical vulnerabilities in FactoryTalk, Micro800, and ControlLogix products. In the FactoryTalk Linx Network Browser the vendor fixed CVE-2025-7972, a flaw that allows an attacker to disable FTSP token validation, which can be used to create, update, and delete FTLinx drivers. READ MORE...
Downgrade Attack Allows Phishing Kits to Bypass FIDO
Researchers have developed a new proof-of-concept (PoC) for how phishing kits can circumvent Fast Identity Online (FIDO) authentication. FIDO is the gold standard of online authentication - the best, widely accessible way of ensuring that users who log in to their accounts are who they say they are. It sidesteps the weaknesses inherent to static passwords and even multifactor authentication (MFA) by having users authenticate with credentials tied to their own physical device. READ MORE...
LLM chatbots trivial to weaponise for data theft, say boffins
A team of boffins is warning that AI chatbots built on large language models (LLM) can be tuned into malicious agents to autonomously harvest users' personal data, even by attackers with "minimal technical expertise", thanks to "system prompt" customization tools from OpenAI and others. "AI chatbots are widespread in many different sectors as they can provide natural and engaging interactions," author Xiao Zhan explained in a statement issued ahead of her paper's presentation. READ MORE...
Water sector expands partnership with volunteer hackers
Water utilities are some of the most vulnerable U.S. critical infrastructure organizations, but some of them could get a cybersecurity boost from an army of volunteer white-hat hackers. Several cyber experts have already been assisting small water treatment facilities with security improvements as part of a public-service project called DEF CON Franklin, which launched at the DEF CON cybersecurity conference in Las Vegas in 2024. READ MORE...
'MadeYouReset' HTTP/2 flaw lets attackers DoS servers
Security researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel have published details of a "common design flaw" in implementations of the HyperText Transfer Protocol 2 (HTTP/2) allowing those with ill intent to create "massive Denial of Service attacks". And, being the underpinnings of the modern web, HTTP/2 is widely deployed enough to mean that they had to coordinate disclosure with more than a hundred affected vendors. READ MORE...
Plex warns users to patch security vulnerability immediately
Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. The company has yet to assign a CVE-ID to track the flaw and didn't provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x. Yesterday Plex emailed those running affected versions to update their software as soon as possible. READ MORE...
- ...in 1877, Thomas Edison makes the first-ever sound recording, of himself reciting "Mary had a little lamb."
- ...in 1965, The Beatles play to nearly 60,000 fans at Shea Stadium, ushering in the age of "stadium rock."
- ...in 1969, The Woodstock Music & Art Fair opens in upstate New York, showcasing some of the era's most popular musical acts.
- ...in 1971, President Nixon signs legislation officially detaching the value of the U.S. dollar from the "gold standard."
