Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates. […]
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.
The flaws, per watchTowr Labs, are listed below –
The flaws, per watchTowr Labs, are listed below –
CVE-2025-53693 – HTML cache poisoning through unsafe reflections
CVE-2025-53691 – Remote code execution (RCE) through insecure deserialization
CVE-2025-53694 –
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. […]
Microsoft to enforce MFA for Azure resource management in October
Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts. […]
Webinar: Learn How to Unite Dev, Sec, and Ops Teams With One Shared Playbook
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions.
Scary, right? In 2025, the average data breach hits businesses with a whopping $4.44 million bill globally. And guess what? A big
Scary, right? In 2025, the average data breach hits businesses with a whopping $4.44 million bill globally. And guess what? A big
In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks
Noteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across multiple phases of malicious attacks.
The post In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks appeared first on SecurityWeek.
Microsoft says recent Windows update didn’t kill your SSD
Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). […]
VerifTools Fake ID Operation Dismantled by Law Enforcement
Authorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts.
The post VerifTools Fake ID Operation Dismantled by Law Enforcement appeared first on SecurityWeek.
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts.
The campaign used “compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code
The campaign used “compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code
Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia.
“Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or login
“Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or login