Critical Infrastructure SecurityAlerts for flaws in industrial control systems include Siemens, AvevaShaun NicholsJune 16, 2025CISA issued a handful of alerts to address vulnerabilities in 10 industrial control appliances.
Threat IntelligenceFIN7-linked threat group impersonates 7-Zip, software updatesLaura FrenchJune 16, 2025GrayAlpha uses custom loaders to deploy the NetSupport RAT backdoor.
DevOpsPyPI repositories targeted by malicious ‘Chimera-Sandbox Extensions’Steve ZurierJune 16, 2025Bad package takes aim at AI apps that contain MacOS data, CI/CD pipelines, and AWS tokens.
Vulnerability ManagementHouse Dems call for review of U.S. government cybersecurity programsShaun NicholsJune 13, 2025The House Democrats asked for a full assessment of the NVD and CVE systems.
AI/MLDark web AI service abuses legitimate open-source modelsLaura FrenchJune 13, 2025The multimodal Nytheon AI platform is advertised on criminal forums and Telegram channels.
Vulnerability ManagementTrend Micro patches four 9.8 bugs in encryption PolicyServer productsSteve ZurierJune 13, 2025While there was still no evidence of exploitation, Trend Micro advises customers to patch right away.
Network SecuritySmartwatches tabbed as latest vehicle for air-gapped system attacksShaun NicholsJune 13, 2025Researchers say the latest vehicle for covert data extraction from secured systems could be sitting on your wrist.
DevOps270K websites injected with ‘JSF-ck’ obfuscated codeLaura FrenchJune 12, 2025The JavaScript obfuscation method produces working code using only six ASCII characters.
RansomwareFog ransomware uses legit monitoring software, open-source toolsSteve ZurierJune 12, 2025The bad actor also established persistence following the incident.
Vulnerability ManagementUpdates urged after disclosure of Windows Secure Boot vulnerabilityShaun NicholsJune 12, 2025Bug potentially allows an attacker to bypass the UEFI checks that prevents the use of unauthorized firmware.