“BERT exploits weak passwords, poor endpoint protection, excessive admin access, lack of monitoring, and insecure backups. It disables defenses, moves quickly, and can even target virtual machines, making recovery harder,” said Pareekh Jain, CEO at EIIRTrend & Pareekh Consulting. BERT… Read More "Trend Micro flags BERT: A rapidly growing ransomware threat"
Qantas has confirmed that nearly six million customers have had their personal data compromised in a recent breach. The Australian airline said that most (four million) of those affected had their name, email address and Qantas Frequent Flyer details exposed in… Read More "Qantas Confirms 5.7 Million Customers Hit by Data Breach"
%202.png?w=1140&resize=1140,855&ssl=1 "Preparing for the Next Big Cyber Threat: Expert Recommendations")
Staying ahead of the game is a top concern for security teams as the cyber threat landscape continues to evolve rapidly. Every year seems to bring new technological advances, which also introduce new cybersecurity trends and significant risks. As organizations… Read More "Preparing for the Next Big Cyber Threat: Expert Recommendations"
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasuda, Core Developer Attackers regularly exploit spatial memory safety vulnerabilities, which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data.… Read More "Retrofitting spatial safety to hundreds of millions of lines of C++"
Yes, Intrusion Prevention Systems (IPS) can help detect DDoS attacks, particularly known patterns or signature-based threats. However, they may struggle with: Volumetric or multi-vector attacks Zero-day DDoS tactics For comprehensive protection, IPS should be combined with NDR solutions that provide… Read More "DDoS Mitigation Strategies: How NDR Helps You Stay Ahead"
Jul 10, 2025Ravie LakshmananVulnerability / AI Security Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score… Read More "Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads"
The known malicious extensions include “Color Picker, Eyedropper — Geco colorpick,” “VPN Proxy to Unblock Discord Anywhere,” “Emoji keyboard online — copy&paste your emoji,” “Free Weather Forecast,” “Unlock Discord,” “Dark Theme — Dark Reader for Chrome,” “Volume Max — Ultimate… Read More "Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures"
Four individuals have been arrested on suspicion of involvement in the April cyber-attacks targeting three prominent UK retailers – Marks & Spencer (M&S), Co-op and Harrods. Law enforcement action took place on the morning of July 10, with the suspects… Read More "Four Arrested in Connection with April UK Retail Attacks"
%20(1).png?w=1140&resize=1140,855&ssl=1 "Beyond the Red Flags: Responding to a Failed Vendor Audit")
Picture this: your vendor’s latest security audit just landed in your inbox, and you spot multiple failure points. What’s your immediate action plan? Failed vendor audits are an uncomfortable but increasingly common reality as reliance on third-party vendors grows, and… Read More "Beyond the Red Flags: Responding to a Failed Vendor Audit"
Recently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure. The reports themselves aren’t unusual—we’ve reported and helped maintainers fix over 11,000 vulnerabilities in… Read More "Finding more vulnerabilities with AI"
