Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks. […]
Windows 10 KB5058379 update fixes SgrmBroker errors in Event Viewer
Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug. […]
Fortinet fixes critical zero-day exploited in FortiVoice attacks
Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. […]
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. […]
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks.
“Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today.
Targets of the campaign
“Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today.
Targets of the campaign
New Intel CPU flaws leak sensitive data from privileged memory
A new “Branch Privilege Injection” flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. […]
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets.
The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first
The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first
Microsoft will update Office apps on Windows 10 until 2028
Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028. […]
Increase Red Team Operations 10X with Adversarial Exposure Validation
Red teams uncover what others miss — but they can’t be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network. […]
M&S says customer data stolen in cyberattack, forces password resets
Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. […]