If you want a job at McDonald’s today, there’s a good chance you’ll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and… Read More "McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’"
Beginning today, millions of adults trying to access pornography in the United Kingdom will be required to prove that they are over the age of 18. Under sweeping new online child safety laws coming into force, self-reporting checkboxes that allow… Read More "The Age-Checked Internet Has Arrived"
Aber: Nur, weil man die Vorschriften einhält, heißt das noch lange nicht, dass man auch sicher ist. Erfahrene Sicherheitsexperten betrachten die Einhaltung von Vorschriften als das absolute Minimum und gehen in ihren Empfehlungen weit über die erforderlichen Komponenten zum Schutz… Read More "Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen"
“Rather than working to compromise one company and being uncertain of the payoff, threat actors can compromise one developer and end up with their malware in hundreds, or even thousands of other companies,” said Gannon. “Even if it takes ten… Read More "Supply chain attack compromises npm packages to spread backdoor malware"
Jul 24, 2025Ravie LakshmananCyber Espionage / Malware The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama’s 90th birthday on July 6, 2025. The multi-stage… Read More "China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community"
Jul 24, 2025Ravie LakshmananNetwork Security / Vulnerability Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities… Read More "Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices"
Jul 24, 2025Ravie LakshmananVirtualization / Network Security Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed Now to infiltrate… Read More "Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments"
A Chinese-based threat actor has been observed using the flaws in Microsoft SharePoint to deploy ransomware on compromised systems. In an incident update on July 23, Microsoft revealed that a group tracked as Storm-2603 is distributing Warlock ransomware on exploited… Read More "Ransomware Deployed in Compromised SharePoint Servers"
How does Fidelis Deception® scale across diverse IoT and network device environments? Fidelis Deception® automatically discovers and profiles all network-connected assets—including IoT devices, gateways, virtual machines, and cloud services. It dynamically generates decoys that authentically replicate these assets, ensuring seamless… Read More "Best Practices for Extending Fidelis Deception® Protection to IoT Environments"
Jul 24, 2025Ravie LakshmananVulnerability / Network Security Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. “An authentication bypass vulnerability has been identified in the Provisioning… Read More "Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems"
