The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. […]
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. […]
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025.
The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter
The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years.
The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7.
“Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass
The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7.
“Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass
The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity
What’s strange but quickly starting to set in is that season five was the final season of the beloved Stranger Things series on Netflix. The show has captivated audiences by pitting its plucky protagonists against an “Upside Down” world of the Demogorgon, Mind Flayers and more. Every time I watch, my mind immediately turns to […]
The post The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity appeared first on SecurityWeek.
Microsoft Teams to add brand impersonation warnings to calls
Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. […]
INC ransomware opsec fail allowed data recovery for 12 US orgs
An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. […]
Old Attack, New Speed: Researchers Optimize Page Cache Exploits
A team of researchers from the Graz University of Technology in Austria has revived page Linux page cache attacks.
The post Old Attack, New Speed: Researchers Optimize Page Cache Exploits appeared first on SecurityWeek.
Why Active Directory password resets are surging in hybrid work
Hybrid work has driven a surge in Active Directory password resets, turning minor lockouts into major productivity drains. Specops shows why remote access, cached credentials, and security policies are fueling the spike. […]
Webinar Today: Rethinking Email Security for Mid-Sized Organizations
See how modern AI-driven detection can block sophisticated attacks that traditional tools miss
The post Webinar Today: Rethinking Email Security for Mid-Sized Organizations appeared first on SecurityWeek.