CISA Issues Alert on Active Exploits of Windows CLFS Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a critical vulnerability in the Microsoft Windows Common Log…
Month: April 2025
OpenSSL prepares for a quantum future with 3.5.0 release
The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward…
Post Office gets extra £136m towards tech transformation as clock ticks on Horizon
The government has handed the Post Office £136m more in taxpayer’s money towards its core technology transformation project. This is part of a total of…
ROWE: Results-Only Work Environment | Daniel Miessler
ROWE is a simple concept: let people do what they want at work — as long as they’re getting work done. Evidently Best Buy has…
Kibana Security Update – Patch for Vulnerability Leads to Code Injection
Elastic has released critical security updates for Kibana, addressing a high-severity vulnerability that could allow attackers to inject malicious code into affected systems. The security…
Apache mod_auth_openidc Flaw Lets Unauthenticated Users Access Protected Data
A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected resources. The bug, CVE-2025-31492, patched in version 2.4.16.11, affects systems…
Furl introduces AI-powered remediation platform
Furl launched AI-powered remediation platform, designed to revolutionize how security teams tackle the ever-growing backlog of endpoint and server vulnerabilities. By leveraging automation and AI-driven…
Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Apr 09, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including…
Verisign PIP OpenID Delegation Code
So I just started using the PIP service from Verisign to handle my OpenID. It’s a pretty solid OpenID implementation from what I’ve seen and…
AWS Systems Manager Plugin Flaw Allows Arbitrary Code Execution
A recently discovered vulnerability in the AWS Systems Manager (SSM) Agent, a cornerstone of Amazon Web Services (AWS) used for managing EC2 instances and on-premises…
Geofenced Phishing Attacks Target LATAM
A new phishing campaign is targeting users across Latin America, and at the center of it is Grandoreiro, a banking trojan known for stealing sensitive…
Adobe Security Update Fixes Multiple Vulnerabilities
Adobe has released a new security update addressing 30 vulnerabilities across various products, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could…