DevOps | Fake Visual Studio Code extension for Cursor led to $500K theft | Laura French | July 11, 2025 | The spoofed “Solidity” extension was installed from the Open VSX registry in Cursor.
Vulnerability Management | Federal agencies have 24 hours to patch ‘Citrix Bleed 2’ bug | Steve Zurier | July 11, 2025 | CISA has likely seen exploitation across federal agencies and the private sector.
Identity | McDonald’s ‘McHire’ chatbot records accessed via ‘123456’ password | Laura French | July 10, 2025 | Paradox.ai, which built the McDonald’s “Olivia” chatbot, took responsibility for the issue.
Critical Infrastructure Security | A majority of enterprises say CISOs now responsible for OT security | Steve Zurier | July 10, 2025 | Eight in 10 respondents plan to put OT security under CISOs in the next 12 months.
Network Security | China-based hacker to face charges in US after arrest in Italy | Shaun Nichols | July 10, 2025 | Man believed to be a member of group that stole research and intellectual property from the U.S.
AI/ML | Critical mcp-remote flaw could enable RCE when connecting AI clients | Laura French | July 9, 2025 | A malicious MCP server could have executed arbitrary commands on the victim’s machine.
Identity | ServiceNow issues CVE for high-severity ACL bug | Steve Zurier | July 9, 2025 | Varonis says attackers could easily expose ServiceNow data tables by combining enumeration techniques with common query filters.
Vulnerability Management | Microsoft fixes 130 bugs, 12 critical, in July Patch Tuesday release | Shaun Nichols | July 8, 2025 | Microsoft has posted one of its heaviest Patch Tuesday security patches in recent memory.
Vulnerability Management | AI tool predicts 17% increase in CVE disclosures in 2025 | Laura French | July 8, 2025 | CVEForecast leverages historical CVE data to train predictive machine learning models.
Vulnerability Management | CISA adds four older CVEs to known exploited vulnerabilities list | Steve Zurier | July 8, 2025 | Security pros advised to patch the bugs as CISA warns that they have been actively exploited.