A new class of supply chain attacks named ‘slopsquatting’ has emerged from the increased use of generative AI tools for coding and the model’s tendency to “hallucinate” non-existent package names. […]
Microsoft Defender will isolate undiscovered endpoints to block attacks
Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers’ lateral network movement attempts. […]
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
Microsoft starts final Windows Recall testing before rollout
Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. […]
Western Sydney University discloses security breaches, data leak
Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. […]
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. […]
Fortinet: Symlink trick gives access to patched FortiGate VPN devices
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. […]
Microsoft: Windows ‘inetpub’ folder created by security fix, don’t delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty “inetpub” folder and warned users not to delete it. […]
Google’s AI video generator Veo 2 is rolling out on AI Studio
Google’s AI video generator tool Veo 2, which is the company’s take on OpenAI’s Sora, is now rolling out to some users in the United States. […]