known vulnerabilities – Experimental News Clipping Site

The Register: Zero-day lets nation-state spies cross-examine elite US law firm Williams & Connolly

Oct 9, 2025

—

by

Source URL: https://www.theregister.com/2025/10/09/zeroday_nationstate_us_law_firm/ Source: The Register Title: Zero-day lets nation-state spies cross-examine elite US law firm Williams & Connolly Feedly Summary: China-linked snoops crack email at DC powerhouse that represented Bill Clinton, Elizabeth Holmes Washington’s elite law firm Williams & Connolly has confirmed that attackers exploited a zero-day vulnerability to access a handful of attorney…

The Register: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/10/06/microsoft_blames_medusa_ransomware_affiliates/ Source: The Register Title: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried Feedly Summary: You can’t find anything bad if you don’t look, right? Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra’s GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence.……

The Register: Warnings about Cisco vulns under active exploit are falling on deaf ears

Sep 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/30/cisco_firewall_vulns/ Source: The Register Title: Warnings about Cisco vulns under active exploit are falling on deaf ears Feedly Summary: 50,000 firewall devices still exposed Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by “advanced" attackers remain exposed to the internet, according to Shadowserver data.… AI Summary and…

The Register: Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects

Sep 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/26/microsoft_xcsset_macos/ Source: The Register Title: Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects Feedly Summary: Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while…

Microsoft Security Blog: Retail at risk: How one alert uncovered a persistent cyberthreat

Sep 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/24/retail-at-risk-how-one-alert-uncovered-a-persistent-cyberthreat/ Source: Microsoft Security Blog Title: Retail at risk: How one alert uncovered a persistent cyberthreat Feedly Summary: In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing breaches in the past year, the stakes…

Slashdot: Secure Software Supply Chains, Urges Former Go Lead Russ Cox

Sep 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://developers.slashdot.org/story/25/09/21/0650219/secure-software-supply-chains-urges-former-go-lead-russ-cox?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Secure Software Supply Chains, Urges Former Go Lead Russ Cox Feedly Summary: AI Summary and Description: Yes Summary: The text emphasizes the critical need for enhancing software supply chain security, particularly in the face of ongoing vulnerabilities. It outlines practical solutions, such as adopting software signatures and reproducible builds,…

Cloud Blog: How to secure your remote MCP server on Google Cloud

Sep 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/how-to-secure-your-remote-mcp-server-on-google-cloud/ Source: Cloud Blog Title: How to secure your remote MCP server on Google Cloud Feedly Summary: As enterprises increasingly adopt model context protocol (MCP) to extend capabilities of AI models to better integrate with external tools, databases, and APIs, it becomes even more important to ensure secure MCP deployment. MCP unlocks new…

The Register: Self-propagating worm fuels latest npm supply chain compromise

Sep 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/16/npm_under_attack_again/ Source: The Register Title: Self-propagating worm fuels latest npm supply chain compromise Feedly Summary: Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.… AI Summary and Description: Yes Summary: The text discusses a…

Bulletins: Vulnerability Summary for the Week of September 8, 2025

Sep 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-258 Source: Bulletins Title: Vulnerability Summary for the Week of September 8, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Adobe–Acrobat Reader Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the…

The Register: HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

Sep 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/12/hopefully_just_a_poc_hybridpetya/ Source: The Register Title: HybridPetya: More proof that Secure Boot bypasses are not just an urban legend Feedly Summary: Although it hasn’t been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked…

Tag: known vulnerabilities