A recent security incident at Cisco highlights the persistent threat of social engineering attacks. Cisco disclosed a vishing (voice phishing) attack targeting its employees. While the breach was limited in scope, it underscores the ongoing need for organizations to remain vigilant against social engineering tactics. According to Cisco’s advisory, a malicious actor used a convincing

Continue Reading

Recent research by Wiz Security has identified a significant chain of vulnerabilities within NVIDIA’s Triton Inference Server, a widely used platform for deploying AI models at scale. When exploited in sequence, these flaws could enable unauthenticated attackers to gain full control over affected servers, leading to remote code execution (RCE). The vulnerabilities, assigned CVE (Common

Continue Reading

The Mozilla Foundation, creators of the Firefox browser, has issued an important warning for developers and users about a new phishing campaign targeting Mozilla Add-ons (AMO) accounts. These fake emails that appear to be from Mozilla or AMO, often claiming that your account needs an update or verification to continue accessing developer features. These messages

Continue Reading

Bitdefender has identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. These vulnerabilities, affecting the device’s ONVIF protocol and file upload handlers, could allow unauthenticated attackers to remotely execute arbitrary commands, potentially taking full control of the device. The vulnerabilities were verified on a Dahua Hero C1 (DH-H4C)

Continue Reading

Pi-hole, a trusted and widely adopted open-source network security solution, experienced a security incident involving the inadvertent exposure of user information submitted through its donation page. The breach was limited to names and email addresses; no payment details or verified personal information were compromised. The exposure occurred when donor names and email addresses entered via

Continue Reading

WordPress sites using the AI Engine plugin should be aware of a recently discovered security vulnerability that could allow malicious actors to upload arbitrary files and potentially take control of affected websites. On July 18th, 2025, a security report submitted to Wordfence revealed an Arbitrary File Upload vulnerability in the AI Engine plugin, which is

Continue Reading

The Cybersecurity and Infrastructure Security Agency (CISA), working alongside Sandia National Laboratories, has announced that Thorium is now available for public use. This platform is designed to help cybersecurity teams automate file analysis and improve the efficiency of their threat detection workflows. Scalable Solution for Modern Cybersecurity Challenges Thorium is a distributed platform that brings

Continue Reading