Cyber News & Articles

Cyber News & Articles

How Attackers Bypass Synced Passkeys 

TLDR
Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys.

Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure.
Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong

read more
Cyber News & Articles

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped 

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program.
Of the 183 vulnerabilities, eight of them are non-Microsoft

read more
Cyber News & Articles

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control 

Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges.
The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system.
“The vulnerabilities affect Red Lion SixTRAK and VersaTRAK

read more
Cyber News & Articles

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access 

Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center

read more
Cyber News & Articles

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login 

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution.
The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization.
“Due to a deserialization vulnerability in SAP NetWeaver, an

read more
Cyber News & Articles

Patch Tuesday, October 2025 ‘End of 10’ Edition 

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you’re running a Windows 10 PC and you’re unable or unwilling to migrate to Windows 11, read on for other options.

read more
Cyber News & Articles

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year 

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year.
The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it’s assessed to be a publicly-traded

read more
Cyber News & Articles

The AI Fix #72: The AI hype train, space data centers, and lifelike robot heads 

In episode 72 of The AI Fix, GPT-5’s “secret sauce” turns out to be phrases from adult websites, Irish police beg TikTokers to stop faking AI home intruders, Jeff Bezos pitches gigawatt data centers in space, OpenAI rolls out Agent Kit for drag-and-drop agents, and a Chinese startup unveils the creepiest robot head ever.

Meanwhile, Graham looks askance at corporate America’s AI obsession – earning calls full of sunshine, SEC filings full of dread – while 95% of AI pilots flop. Mark then takes you down the wire to see where your prompt actually goes: tokens, tensors, rivers of cooling water, and a billion GPU multiplications.. all to tell you there are “two r’s in strawberry.”

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

read more
Cyber News & Articles

Moving Beyond Awareness: How Threat Hunting Builds Readiness 

Every October brings a familiar rhythm – pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone.
Make no mistake, as a security professional, I love this month. Launched by CISA and the National

read more
Cyber News & Articles

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing 

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD’s incomplete protections that make it possible to perform a single memory

read more

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X