warns
-
Blog
Cisco warns of max severity RCE flaws in Identity Services Engine
Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). The flaws, tracked under CVE-2025-20281 and CVE-2025-20282, are rated with max severity (CVSS score: 10.0). The first impacts ISE and ISE-PIC versions 3.4 and 3.3, while the second affects only version 3.4.…
Read More » -
Blog
SonicWall warns of trojanized NetExtender stealing VPN logins
SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. The fake software, which was discovered by SonicWall’s and Microsoft Threat Intelligence (MSTIC) researchers, mimics the legitimate NetExtender v10.3.2.27, the latest available version. The malicious installer file is hosted on a spoofed website that is made to appear…
Read More » -
Blog
US Homeland Security warns of escalating Iranian cyberattack risks
The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. This warning was issued as a National Terrorism Advisory System bulletin on Sunday and cautions that the Iranian conflict is causing a “heightened threat environment” in the United States, with “low-level” cyberattacks targeting networks in the U.S. likely.…
Read More » -
Blog
Andy Jassy memo warns staff that Amazon will “need fewer people” as it rolls out more generative AI
Amazon CEO Andy Jassy has told his workforce that their jobs could be taken by generative AI in the coming years. In a memo sent to employees on 17 June, Jassy wrote that Amazon expects “efficiency gains” from AI across the company, which would result in job losses. “We will need fewer people doing some of the jobs that are…
Read More » -
Blog
Apple warns: GenAI still isn’t very smart
Filling the void in the few hours before WWDC begins, Apple’s machine learning team raced out of the gate with a report to make people think twice about artificial intelligence, arguing that while the intelligence is artificial, it’s only superficially smart. Some seem to think that Apple is attempting to mask its slow progress in AI development as its competitors push ahead toward artificial general…
Read More » -
Blog
Cisco warns of ISE and CCP flaws with public exploit code
Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. The most severe of the three is a critical static credential vulnerability tracked as CVE-2025-20286, found by GMO Cybersecurity’s Kentaro Kawane in Cisco ISE. This identity-based policy enforcement software provides endpoint access control and network device…
Read More » -
Blog
Hewlett Packard Enterprise warns of critical StoreOnce auth bypass
Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue. The flaws impact…
Read More » -
Blog
The North Face warns customers of April credential stuffing attack
Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. The North Face is a major American outdoor apparel and equipment brand owned by VF Corporation that also controls Vans, Timberland, and Dickies. The North Face generates over $3 billion in annual revenue, making it…
Read More » -
Blog
Microsoft Authenticator now warns to export passwords before July cutoff
The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. Microsoft Authenticator is a free mobile authenticator app that provides secure sign-in for mobile accounts using multi-factor authentication (MFA) methods like time-based one-time passwords (TOTPs), push notifications, biometrics-based confirmations, and password-less logins to Microsoft accounts.…
Read More » -
Blog
FBI warns of Luna Moth extortion attacks targeting law firms
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. Also known as Luna Moth, Chatty Spider, and UNC3753, this threat group has been active since 2022 and was also behind BazarCall campaigns that provided initial access to corporate…
Read More »