AI/MLCritical mcp-remote flaw could enable RCE when connecting AI clientsLaura FrenchJuly 9, 2025A malicious MCP server could have executed arbitrary commands on the victim’s machine.
IdentityServiceNow issues CVE for high-severity ACL bugSteve ZurierJuly 9, 2025Varonis says attackers could easily expose ServiceNow data tables by combining enumeration techniques with common query filters.
Vulnerability ManagementMicrosoft fixes 130 bugs, 12 critical, in July Patch Tuesday releaseShaun NicholsJuly 8, 2025Microsoft has posted one of its heaviest Patch Tuesday security patches in recent memory.
Vulnerability ManagementAI tool predicts 17% increase in CVE disclosures in 2025Laura FrenchJuly 8, 2025CVEForecast leverages historical CVE data to train predictive machine learning models.
Vulnerability ManagementCISA adds four older CVEs to known exploited vulnerabilities listSteve ZurierJuly 8, 2025Security pros advised to patch the bugs as CISA warns that they have been actively exploited.
MalwareNordDragonScan infostealer targets Windows with LOTL methodsLaura FrenchJuly 7, 2025The campaign distracts victims from its malicious nature using benign decoy documents.
Vulnerability ManagementTwo bugs for Linux Sudo utility patched, one rated criticalSteve ZurierJuly 7, 2025Teams told to patch both because each bug could let attackers fully take over an enterprise system.
IdentityAT&T rolls out protections to block SIM-swapping attacksShaun NicholsJuly 3, 2025"Wireless Account Lock" allows customers to prevent the registration of new devices.
Application securityCatWatchful stalkerware breach reveals 62K users, 26K victimsLaura FrenchJuly 3, 2025An SQL injection exploit exposed the users and owner of CatWatchful stalkerware.
Vulnerability ManagementCisco patches critical 10.0 bug in Unified CM systemsSteve ZurierJuly 3, 2025A successful exploit could let an attacker log-in as the root user.
Infrastructure IS the foundation: Modernizing what serves and secures the American peopleCory SimpsonJuly 7, 2025