Ryan Naraine

Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. 

Adobe documents 25 vulnerabilities in Adobe Commerce and warns of code execution and privilege escalation exposure.

The largest U.S. water utility disconnects customer portal and suspends billing services following a cyberattack.

Researchers find Smart TVs from Samsung and LG use a Shazam-like tracker to monitor what you watch. Opting out is complex and time-consuming.

According to a barebones Apple advisory, the new iOS 18.0.1 fixes two bugs that expose passwords and audio snippets to malicious hackers.

The coordinated action resulted in the seizure of more than 100 domains used for spear-phishing targets in the US, UK, and Europe.

A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.

Harmonic has raised a total of $26 million to develop a new approach to data protection using pre-trained, specialized language models. 

The targeting of Diehl Defence is significant because the company specializes in the production of missiles and ammunition.

Microsoft reboots controversial Windows Recall with proof-of-presence encryption, anti-tampering checks, and secure enclave data management.

Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10.

CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident.

Microsoft says each Deputy CISO will oversee specific domains, ranging from gaming and cloud security to AI and government systems.

Mandiant shines the spotlight on the growing infiltration of US and Western companies by North Korean fake IT workers.

Serial entrepreneur Sinan Eren is back with Opnova, a startup working on automating security workflows with limited human supervision.

Black Lotus Labs estimates that more than 200,000 routers, network-attached storage servers, and IP cameras have been ensnared in the botnet.

VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.

Intezer is looking to tap into booming market for AI-powered tooling to address the severe shortage of skilled cybersecurity professionals. 

Apple warns that attackers can use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication. 

Sanctions target five individuals linked to Intellexa Consortium as the US government expands its crackdown on commercial spyware merchants.