A researcher this week disclosed the details of several vulnerabilities that allowed him to gain access to the information of Intel employees. Security researcher Eaton Zveare discovered the vulnerabilities in the fourth quarter of 2024 and they were patched at the time by Intel. Zveare initially discovered a vulnerability that enabled him to bypass authentication on an internal Intel India website designed to allow employees to order business cards.
Russian hackers targeted a Polish hydropower plant again, this time disrupting its control systems and turbines. The power plant - located in Tczew, near Gdansk - was previously targeted in May. Now the hacktivists have released a video, which at first appeared to be a recording of the earlier attack. However, upon closer inspection, it's clear that the same hacktivists targeted the same facility again.
A hack of the Netherlands' Public Prosecution Service has had an unusual side effect - leaving some speed cameras no longer capturing evidence of motorists breaking the rules of the road. Last month, Dutch media reports confirmed that Openbaar Ministerie (OM), the official body responsible for bringing suspects before the criminal court in the Netherlands, had suffered a security breach by hackers.
A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets - including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of law enforcement.
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for open-source Python packages. It is used by software developers, product maintainers, and companies working with Python libraries, tools, and frameworks. Accounts of project maintainers publishing software on PyPI are linked to email addresses.
Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates. As the company confirmed when it acknowledged the bug on Monday, these problems impact systems running both Windows 10 and older versions of Windows 11. Installing this month's security updates will cause attempts to reset or recover the device to fail.
Attackers are deploying a sophisticated, modular backdoor that disguises itself as ChatGPT Desktop, as part of an attack chain that exploits a critical Windows flaw to deliver the Play ransomware. The Play ransomware group, which Microsoft tracks as Storm-2460, is deploying the PipeMagic backdoor in an attack campaign that exploits CVE-2025-29824, an elevation-of-privilege vulnerability in CLFS that allows attackers to gain system-level privileges on compromised systems.
A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to, in extreme cases by serving poisoned models. GitLab's Security Operations senior manager Chris Moberly found and reported the flaw in Ollama Desktop v0.10.0 to the project's maintainers on July 31.
Two potentially serious vulnerabilities have been found by a researcher in accounting software used by hundreds of cities and towns. The affected application is made by Workhorse Software Services, which provides software solutions to 310 municipalities in Wisconsin. The vendor has released patches and mitigations after being notified. The vulnerabilities, discovered by researcher James Harrold of Sparrow IT Solutions, were disclosed this week by the CERT/CC at Carnegie Mellon University.