The power grid is getting old, and so is the cybersecurity protecting it
Critical infrastructure is getting older, and the cost of that decay is starting to show. The Arthur D. Little Built to Last? report says that…
Month: October 2025
Pro-Russian Hacktivists Target Government, Finance and E-Commerce Sites
The pro-Russian hacktivist collective NoName057(16) has emerged as a notable participant in a coordinated wave of cyberattacks targeting Israeli infrastructure during the October 7 anniversary…
Windows Remote Access Connection Manager 0-Day Vulnerability Exploited in Attacks
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, allowing attackers to escalate privileges and…
Noosa Council confirms $2.3 million cyber fraud during 2024 Christmas period
Noosa Shire Council has publicly acknowledged it was the target of a major fraud incident during the 2024 Christmas period, resulting in the loss of…
Patch Tuesday, October 2025 ‘End of 10’ Edition – Krebs on Security
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already…
UEFI Shell Vulnerabilities Could Allow Hackers to Bypass Secure Boot on 200,000+ Laptops
Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops. According to Eclypsium, these vulnerabilities…
Swalwell seeks answers from CISA on workforce cuts
Rep. Eric Swalwell, D-Calif., sent a letter Tuesday to acting CISA Director Madhu Gottumukkala raising concerns about staffing levels and the direction of the nation’s…
Malicious crypto-stealing VSCode extensions resurface on OpenVSX
A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft’s Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and…
Support for Windows 10 Ends Today Leaving Users Vulnerable to Cyberattacks
Microsoft officially ended support for Windows 10, marking the close of a decade-long era for one of the most popular operating systems in history. This…
A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones
Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.…
Security firms dispute credit for overlapping CVE reports
Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. According to the company, Gecko filed…
FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands.…