Security coalition urges Congress to renew 2015 CISA law
Listen to the article 3 min This audio is auto-generated. Please let us know if you have feedback. Congress must reauthorize a cybersecurity threat information…
Month: July 2025
Anatsa Android Banking Malware from Google Play Targeting Users in the U.S. and Canada
ThreatFabric researchers have identified a sophisticated new campaign by the Anatsa banking trojan specifically targeting mobile banking customers across the United States and Canada, marking…
FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers
Fortinet has disclosed a critical security vulnerability in FortiOS that could allow authenticated attackers to execute arbitrary code through a heap-based buffer overflow in the…
AI for Good: Signal president warns of agentic AI security flaw
The president of secure messaging app Signal has warned of the security implications of agentic AI, where artificial intelligence (AI) can access systems to help…
Scattered Spider poses serious risk to several hundred major companies
The cybercrime group Scattered Spider’s tactics put a group of roughly 300 major companies at heightened risk of attack, according to a new report from security…
Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework
Applications are a common intrusion point, but the way attackers gain access, maneuver and create mayhem within and across applications doesn’t always neatly fit into…
Android malware Anatsa infiltrates Google Play to target US banks
The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. The malware…
FortiOS Buffer Overflow Vulnerability Allows Attackers to Execute Arbitrary Code
Fortinet disclosed a significant security flaw in its FortiOS operating system, identified as CVE-2025-24477. This heap-based buffer overflow vulnerability, classified under CWE-122, affects the cw_stad…
127 Bytes Exfiltrated Per Request
Security researchers have released proof-of-concept exploits for CVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC and Gateway devices dubbed “CitrixBleed2.” The flaw allows unauthenticated attackers to…
IBM Power11 debuts with uptime, security, and energy efficiency upgrades
IBM unveiled Power11 today, a new generation of Power servers built to improve performance across processing, hardware, and virtualization. It’s designed to run reliably both…
SEC and SolarWinds to settle lawsuit over 2020 breach
The United States’ Securities and Exchange Commission (SEC) has reached a settlement in principle with SolarWinds in an ongoing case against the organisation and its…
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google’s Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe…