Apple issues emergency update to fix zero-day exploit in iPhone and macOS

Microsoft’s August 2025 security updates are breaking recovery tools on Windows 10 and Windows 11 PCs

tomshardware - Microsoft admits its latest security updates break Windows recovery tools like "Reset this PC" and "Fix problems using Windows Update" on multiple Windows versions.

#software #infosec #windows #microsoft

Having recovery and/or SSD problems after recent Windows updates? You’re not alone.

6 months / bsky / @arstechnica.com / arstechnica.com

6 months / arstechnica / Andrew Cunningham

Recently released Windows 11 24H2 updates are reportedly causing data corruption and failure issues for some SSD and HDD models on up-to-date systems.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

Microsoft reportedly fixing SSD failures caused by Windows updates

6 months / bleepingcomputer / Sergiu Gatlan

Out-of-band update arrives to clean up Windows reset and recovery mess

6 months / theregister / Richard Speed

Microsoft’s August 2025 security updates are breaking recovery tools on Windows 10 and Windows 11 PCs

6 months / tomshardware

Microsoft fixes Windows upgrades failing with 0x8007007F error

6 months / bleepingcomputer / Sergiu Gatlan

Microsoft releases emergency updates to fix Windows recovery

6 months / bleepingcomputer / Sergiu Gatlan

PyPI now blocks domain resurrection attacks used for hijacking accounts

Bill Toulas / bleepingcomputer - The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. [...]

#cybersecurity #opensource #infosec #python

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

PyPI now blocks domain resurrection attacks used for hijacking accounts

PyPI: Preventing Domain Resurrection Attacks

6 months / simonwillison / Simon Willison

Cisco's Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole

Jessica Lyons / theregister - Switchzilla's summer of perfect 10s Cisco has issued a patch for a maximum-severity bug in its Secure Firewall Management Center (FMC) software that could allow an unauthenticated, remote attacker to inject arbitrary shell commands on vulnerable systems.…

#cybersecurity #infosec

Cisco's Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole

Cisco warns of max severity flaw in Firewall Management Center

#cybersecurity #software #enterprise #infosec

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Bill Toulas / bleepingcomputer - Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. [...]

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet discloses critical bug with working exploit code amid surge in brute-force attempts

#cybersecurity #software #infosec

Alarm raised over 'high-severity' vulnerabilities in Matrix messaging protocol

therecord - An urgent patch has been released for two bugs affecting the Matrix messaging protocol used by some governments for secure communications.

Alarm raised over 'high-severity' vulnerabilities in Matrix messaging protocol

6 months / therecord

Secure chat darling Matrix admits pair of 'high severity' protocol flaws need painful fixes

6 months / theregister / Gareth Halfacree

Details emerge on WinRAR zero-day attacks that infected PCs with malware

Bill Toulas / bleepingcomputer - Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]

#cybersecurity #software #infosec #security

High-severity WinRAR 0-day exploited for weeks by 2 groups

6 months / bsky / @arstechnica.com / arstechnica.com

6 months / arstechnica / Dan Goodin

6 months / bgr

Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Details emerge on WinRAR zero-day attacks that infected PCs with malware

Two groups exploit WinRAR flaws in separate cyber-espionage campaigns

6 months / therecord

Hyundai tells Ioniq 5 owners it will fix keyless security flaw – for a $65 "contribution"

techspot - Kia, Hyundai, and Genesis EVs have been targeted by thieves in the UK and other locations in recent times who use a handheld emulation device disguised to look like a Game Boy. It features radio transmission components that crack the wireless protocols us…

#cybersecurity #infosec #cars #security

Hyundai tells Ioniq 5 owners it will fix keyless security flaw – for a $65 "contribution"

6 months / techspot

Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole

6 months / theverge / Tom Warren

Library of Congress explains how parts of US Constitution vanished from its website

Dominic-Madori Davis, Zack Whittaker / techcrunch - The U.S. congressional agency confirmed to TechCrunch that the removal of key sections of the Constitution from its website were removed in error. The full text has now been reinstated.

#infosec #government #internet #law

Politically hot parts of US Constitution briefly deleted thanks to 'coding error'

6 months / theregister / Brandon Vigliarolo

Library of Congress explains how parts of US Constitution vanished from its website

6 months / techcrunch / Dominic-Madori Davis, Zack Whittaker

Microsoft warns of serious vulnerability in hybrid Exchange deployments

Sofia Elizabella Wyciślik-Wilson / betanews - Microsoft has issued a warning about a high-severity vulnerability in hybrid Microsoft Exchange Server deployments. Tracked as CVE-2025-53786, the vulnerability could allow for privilege escalation by cyber threat actors with administrative access to an o…

#cybersecurity #infosec #microsoft

CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

CISA orders fed agencies to patch new Exchange flaw by Monday

6 months / bleepingcomputer / Lawrence Abrams

Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise'

Microsoft warns of serious vulnerability in hybrid Exchange deployments

6 months / betanews / Sofia Elizabella Wyciślik-Wilson

CISA, Microsoft issue alerts on ‘high-severity’ Exchange vulnerability

6 months / therecord

Microsoft warns of high-severity flaw in hybrid Exchange deployments

7 months / bleepingcomputer / Sergiu Gatlan

United Airlines IT Glitch Resolved, Flights Resume After Grounding Issues

United Airlines experienced a disruptive IT malfunction that forced the grounding of flights across major US airports, prompting widespread travel delays. After persistent technical difficulties, the airline resolved the issue and resumed its flight operations, restoring normal service. The incident highlighted vulnerabilities in the carrier’s system management.

#infosec #aviation #travel

There's a Tea app for men, and it also has security problems

Anna Washenko / engadget - Tea bills itself as a safety dating app for women, allowing users to anonymously share details about men they have met. A new app called TeaOnHer has emerged that attempts to flip the script, with men sharing information about women they date. And while T…

#cybersecurity #infosec #apps #security

There's a Tea app for men, and it also has security problems

7 months / engadget / Anna Washenko

A rival Tea app for men is leaking its users’ personal data and driver’s licenses

7 months / techcrunch / Amanda Silberling, Zack Whittaker

Call Of Duty Has New Security Measures, Adding Secure-Boot Requirement

S.E. Doster / gamespot - Call of Duty's battle against hackers continues, and Activision has announced some major updates to the game's Ricochet anti-cheat for Season 5 and beyond. The publisher also confirmed legal action taken against several cheat makers.Season 5 of Black Ops …

#gaming #infosec

Call of Duty’s PC anti-cheat will require Secure Boot on Windows. Black Ops 7 will require Secure Boot and TPM 2.0 when the game launches later this year www.theverge.com/news/720007/...

7 months / bsky / @tomwarren.co.uk / tomwarren.co.uk

'Call of Duty: Black Ops 7' will require TPM 2.0, Windows Secure Boot for Black Ops 7 — Activision testing Ricochet anti-cheat update in upcoming season

7 months / tomshardware

Call Of Duty Has New Security Measures, Adding Secure-Boot Requirement

7 months / gamespot / S.E. Doster

Call of Duty’s PC anti-cheat will require Secure Boot on Windows

7 months / theverge / Jay Peters

Hackers Used An Infected Calendar Invite To Hack Gemini And Take Control Of A Smart Home

bgr - The dangers of AI are becoming increasingly apparent, as hackers found a way to use Google's Gemini chatbot to take over a stranger's smart home devices.

#cybersecurity #infosec #cybercrime #hack

Researchers hacked Google Gemini to take control of a smart home

7 months / bsky / @arstechnica.com / arstechnica.com

7 months / engadget / Anna Washenko

Hackers Used An Infected Calendar Invite To Hack Gemini And Take Control Of A Smart Home

7 months / bgr

Researchers design “promptware” attack with Google Calendar to turn Gemini evil

7 months / arstechnica / Ryan Whitwam

Microsoft’s ‘Agentic Web’ Ambition Hit by Embarrassing Security Flaw

Markus Kasanmascheff / winbuzzer - A critical security flaw in Microsoft's new NLWeb protocol raises questions about its 'agentic web' strategy, despite a quick patch from the company.The post Microsoft’s ‘Agentic Web’ Ambition Hit by Embarrassing Security Flaw appeared first on WinBuzzer.

#cybersecurity #infosec #microsoft #security

Microsoft’s ‘Agentic Web’ Ambition Hit by Embarrassing Security Flaw

Microsoft AI web project NLWeb plagued by common security flaw

7 months / mobilesyrup / Jonathan Lamont

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

7 months / theverge / Tom Warren

UK MoD taps Australian cybersecurity startup Castlepoint after Afghan data breach

Lucy Adams / tech - Britain's Ministry of Defence (MoD) has selected Australian firm Castlepoint Systems to provide services for automating data classification and reducing the risk of human error. The company is now hea...

#cybersecurity #infosec #defensetech #uk

UK's Ministry of Defence pins hopes on AI to stop the next massive email blunder

7 months / theregister / Connor Jones

UK MoD taps Australian cybersecurity startup Castlepoint after Afghan data breach

7 months / tech / Lucy Adams

Nvidia rejects US demand for backdoors in AI chips

Dominic Preston / theverge - Nvidia’s chief security officer has published a blog post insisting that its GPUs “do not and should not have kill switches and backdoors.” It comes amid pressure from both sides of the Pacific, with some US lawmakers pushing Nvidia to grant the governmen…

#infosec #nvidia #gpu #security

Nvidia warns of “disaster” if it has to put kill switch and backdoor in chips

7 months / bsky / @arstechnica.com / arstechnica.com

7 months / arstechnica / Jon Brodkin

Two face trial for exporting Nvidia AI chips as the company rejects hardware kill switches

7 months / the-decoder / Maximilian Schreiner

Nvidia dice NO a la puerta trasera y al interruptor de bloqueo que le pide EEUU en sus chips de IA. Quieren un interruptor remoto para bloquear los chips en caso de que se contrabandeen a China. Nvidia dice que no existen las puertas traseras buenas, so

7 months / bsky / @mr-bytes.com / mr-bytes.com

OpenAI Breaks Silence, Alibaba Surges, Nvidia Draws a Red Line

7 months / implicator / Marcus Schuler

Two arrested for smuggling AI chips to China; Nvidia says no to kill switches

7 months / techcrunch / Rebecca Szkutak

Nvidia defiant over backdoors and kill switches in GPUs as U.S. mulls tracking requirements — calls them 'permanent flaws' that are 'a gift to hackers'

7 months / tomshardware

US charges 2 Chinese nationals with illegally shipping Nvidia AI chips to China

7 months / theregister / David Meyer

Nvidia says no backdoors, kill switches, or spyware in its chips after China accusations

7 months / techspot

Nvidia rejects US demand for backdoors in AI chips

7 months / theverge / Dominic Preston

Nvidia Denies GPU Backdoors as China Probe Threatens Renewed H20 Chip Sales

Dell fixed security chip vulnerability that left millions open to attack

Dell fixed security chip vulnerability that left millions open to attack

Brad Bennett / mobilesyrup - Tens of millions of Dell laptops were recently discovered to have a vulnerability that could have allowed hackers to steal sensitive data from users and monitor some of their computer activities. Dell validated this security analysis in June, and it appea…

#cybersecurity #infosec

7 months / mobilesyrup / Brad Bennett

Critical ‘Revault’ Flaws Leaves over 100 Dell Laptop Models Vulnerable if Unpatched

NVIDIA Patches Critical Triton Server Vulnerabilities Enabling Full AI System Takeover

NVIDIA Patches Critical Triton Server Vulnerabilities Enabling Full AI System Takeover

Markus Kasanmascheff / winbuzzer - NVIDIA has patched critical RCE flaws in its Triton Inference Server after Wiz Research found an exploit chain allowing full AI system takeover. Update now.The post NVIDIA Patches Critical Triton Server Vulnerabilities Enabling Full AI System Takeover app…

#cybersecurity #infosec #nvidia #gpu