Cyber News & Articles

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.
The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws.
“A vulnerability in Trend Micro

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country.
The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, MATCHWOK, and

When Technology Resets the Playing Field
In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and thousands of users, that vision has proven itself. But I also know that what we’ve built so far is only

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The high-severity vulnerabilities, which are from 2020 and 2022, are listed below –

CVE-2020-25078 (CVSS score: 7.5) – An unspecified vulnerability in D-Link

A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs.
“Like a real-world virus variant, this new ‘ClickFix’ strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web

In episode 62 of The AI Fix, your hosts learn how AI models smash through CAPTCHA roadblocks like they’re made of wet tissue paper – so much for humanity’s last line of defence.

Meanwhile, we meet a bottle-flipping robot and call BS on a cartwheeling cyborg, Graham has a full-blown breakdown over traffic light puzzles, and Anthropic hires an AI psychiatry team to figure out why its bots are unhinged.

Also: Microsoft helpfully tells us which jobs are toast, Vogue replaces models with AI-generated glam-bots, and a tiny homebrew neural net humiliates the big boys at Sudoku.

Plus, Mark explores GEPA — the AI prompt optimiser that politely mutates your questions until they’re 35 times more effective than reinforcement learning.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.
The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025.
CVE-2025-21479

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution.
The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model

In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure.
This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer

Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need to catch real attacks before they cause damage. 
Here’s how