News
New Citrix Bleed Vulnerability Exploited Immediately After Public Disclosure
3+ hour, 4+ min ago (598+ words) Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response. Threat actors began exploiting the latest Citrix Bleed-like vulnerability in NetScaler ADC and NetScaler Gateways less than 24 hours…
How to Conduct a Successful Audit of AI-Driven Software Development
4+ hour, 56+ min ago (665+ words) As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. CISOs must feel confident that these tools are approved and safe. A thorough audit…
FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
5+ hour, 32+ min ago (670+ words) Researchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations. FortiBleed, the large-scale credential-harvesting operation targeting organizations in 150 countries, has led to the deployment…
Trump Administration Lifts Restrictions on Anthropic's Claude Models After Cybersecurity Alarm
7+ hour, 13+ min ago (590+ words) Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The Trump administration has lifted restrictions on artificial intelligence company Anthropic's latest versions of its Claude chatbot, ending a weekslong ban tied to cybersecurity concerns....
"BioShocking" Attack Tricks AI Browsers Into Stealing Credentials
7+ hour, 13+ min ago (618+ words) Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials. Researchers from cybersecurity firm LayerX are warning that several agentic browsers can be manipulated to abandon their safety guardrails and perform malicious…
Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability
7+ hour, 13+ min ago (538+ words) A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. Cisco confirmed that a recently patched vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified…
CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
7+ hour, 48+ min ago (482+ words) The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said threat actors have been exploiting a high-severity vulnerability in Microsoft SharePoint Server. Described as a deserialization of untrusted data bug, the exploited security defect allows authenticated attackers to…
Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings
23+ hour, 59+ min ago (606+ words) Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings. Microsoft on Tuesday announced a new Teams admin policy aimed at providing organizations with increased visibility…
Citrix Patches NetScaler Vulnerabilities, Including New "HTTP/2 Bomb" Attack
1+ day, 6+ hour ago (546+ words) Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity Citrix Bleed-style information disclosure bug. Citrix on Tuesday announced fresh NetScaler ADC and NetScaler Gateway security updates that resolve…
Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities
1+ day, 6+ hour ago (529+ words) Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution. Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities. The update…