NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation
NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow attackers to execute malicious code and…
Month: August 2025
Critical Zip Slip Bug Enables Malicious File Manipulation on Unzip
Path traversal flaws like Zip Slip, which give hackers the ability to alter file systems while decompressing, remain a serious danger in the ever-changing world…
Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites
Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto. The scammers use API-driven templates to impersonate…
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike…
Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775
Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775 Pierluigi Paganini August 27, 2025 Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to…
The Chinese Room Problem With the ‘LLMs only predict the next token’ Argument
I’m sure you’ve heard the argument that LLMs aren’t really thinking because, according to them, LLMs are just predicting the next token… And that output…
FreePBX servers hacked via zero-day, emergency fix released
The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed…
How ClickFix and Multi-Stage Frameworks Are Breaking Enterprise Defenses
August 2025 has marked a significant evolution in cybercrime tactics, with threat actors deploying increasingly sophisticated phishing frameworks and social engineering techniques that are successfully…
IEC 62443: A Cybersecurity Guide for Industrial Systems (Part 2)
Welcome back to this series, introducing the IEC 62443 standard. The first article was a general introduction to IEC 62443, this one, and the next…
Why Google I/O Scared This 2007 Apple Fanboy for the First Time
As an Apple Fanboy going back to 2007, this is the first year I’ve felt fear for Apple’s future. And after just watching Apple’s WWDC…
Google to verify all Android devs to protect users from malware
Google is introducing a new defense for Android called ‘Developer Verification’ to block malware installations from sideloaded apps sourced from outside the official Google Play app store. For apps…
28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in…