The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure
A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Dave Bittner from The Cyberwire.
Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware framework called PS1Bot.
“PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system
MedusaLocker, the ransomware-as-a-service group that has been active since 2019 is openly recruiting for penetration testers to help it compromise more businesses.
Read more in my article on the Fortra blog.
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.
The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.
“Untrusted search path in
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.
“An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging
The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work.
But here’s the uncomfortable truth: Attackers are evolving just as fast.
Every leap forward in AI gives bad actors new tools — deepfake scams so real they trick your CFO, bots that can bypass human review,
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release.
Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry.
The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability