Oct 15, 2025Ravie LakshmananData Protection / Browser Security TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the… Read More "How Attackers Bypass Synced Passkeys"
Activity was ramped up by scanning the internal network over various protocols, including Secure Shell (SSH), HTTPS, Server Message Block (SMB), and Remote Procedure Call (RPC), and conducting several SMB scans across different internal subnets. Next, to establish long-term access,… Read More "Flax Typhoon exploited ArcGIS to gain long-term access"
Capita will not appeal a £14m regulatory penalty for security failings that led to a 2023 data breach impacting nearly seven million people, according to the Information Commissioner’s Office (ICO). The UK data protection regulator said it initially intended to fine… Read More "Capita Fined £14m After 2023 Breach that Hit 6.6 Million People"
A comprehensive third-party risk management (TPRM) lifecycle tailored for cybersecurity is essential to safeguard against third-party cyber threats. This article explores the six critical phases of a TPRM lifecycle, outlining key activities involved in each phase and illustrating how they… Read More "TPRM Lifecycle Guide with Examples and Framework Integration"
Vehicle information. You can wrap all of your vehicle information up into a single entry in your password manager. Scan your license and title, add insurance and vehicle information, and maybe loop in personal property tax receipts. NordPass, 1Password, and… Read More "How to Use a Password Manager to Share Your Logins After You Die (2025)"
Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless… Read More "Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped"
It’s set to be a busy October for system administrators after Microsoft issued security updates to fix 172 vulnerabilities including six classed as zero-days. Three of the zero-day vulnerabilities in this month’s Patch Tuesday list are being actively exploited. CVE-2025-59230… Read More "Last Windows 10 Patch Tuesday Fixes Six Zero Days"
Third-Party Risk Management (TPRM) analyzes and minimizes risks associated with outsourcing to third-party vendors or service providers. There are many types of digital risks within the third-party risk category, including financial, environmental, reputational, and security risks. These risks exist because… Read More "Third-Party Risk Management Guide for 2025"
“If you don’t include people with disabilities or people with facial differences in the development of these processes, no one’s going to think of these issues,” says Kathleen Bogart, a psychology professor at Oregon State University who specializes in disability… Read More "When Face Recognition Doesn’t Know Your Face Is a Face"
Oct 15, 2025Ravie LakshmananVulnerability / Critical Infrastructure Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked… Read More "Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control"
