WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
Dec 19, 2025Ravie LakshmananVulnerability / Network Security WatchGuard has released fixes to address a critical security flaw in Fireware OS...
Security
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
Dec 19, 2025Ravie LakshmananFirmware Security / Vulnerability Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are...
Italian Ferry Malware Attack Sparks International Probe
French intelligence agencies uncovered what appears to be a coordinated foreign interference operation targeting the GNV Fantastic. The post Italian...
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw Pierluigi Paganini December 18, 2025 Hewlett Packard Enterprise (HPE) fixed a...
Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations
Each year, several security solution providers – including Sophos – sign up for MITRE’s ATT&CK Enterprise Evaluations, a full-scale cyber...
Client ID Metadata Documents (CIMD): The Future of MCP Authentication
After spending a year watching developers struggle with Dynamic Client Registration (DCR) for MCP servers, the Model Context Protocol...
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists Pierluigi Paganini December 18, 2025 Resecurity reports...
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Dec 18, 2025Ravie LakshmananVulnerability / Enterprise Security Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software...
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini December 18, 2025 U.S....
Microsoft December Update Breaks Critical IIS Servers
The security updates delivered through KB5071546 have fundamentally broken Message Queuing (MSMQ) functionality across multiple Windows versions. The post Microsoft...
Chinese Hackers Breach Cisco’s Email Security Systems
The Chinese threat group, tracked as UAT-9686, has deployed a collection of custom-built hacking tools to maintain persistent access to...
SoundCloud Cyberattack Leaves 28M Users Exposed
The breach has already triggered widespread chaos across the platform, with users worldwide reporting connection failures and cryptic error messages....
How CISOs Can Beat the Ransomware Blame Game
Being a CISO is not for the weak-hearted. It’s a stressful role and an innately high-risk position. Around 25% of security...
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
Dec 18, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical...
LLM10: Unbounded Consumption – FireTail Blog
The OWASP Top 10 for LLMs was released this year to help security teams understand and mitigate the rising...
