Category: Cybersecurity News
-
Research Reveals FIDO Authentication Could Be Reverted to Less Secure Methods
Cybersecurity experts have identified a potential new risk that could undermine the security benefits of FIDO passkeys, which are increasingly adopted as a robust defense against credential phishing and account takeover attacks. While FIDO standards are designed to provide phishing-resistant, passwordless authentication, recent research indicates that malicious actors may develop techniques to trick users into…
-
Urgent SAP Security Patches Address Critical Vulnerabilities
SAP, a leading provider of enterprise resource planning (ERP) solutions, has recently released its latest security updates during its August Patch Tuesday or Security Patch Day. Fixes are included for several critical vulnerabilities that organizations using SAP products should address promptly. SAP released a total of 15 new security notes, along with four updates to…
-
Xerox Patches Vulnerabilities in FreeFlow Core Software
Xerox Corporation has issued an urgent security advisory regarding critical vulnerabilities in its FreeFlow Core software version 8.0.4. These flaws could allow malicious actors to perform server-side request forgery (SSRF) attacks and execute remote code on affected systems, posing a significant threat to organizations relying on this software. The issues affect FreeFlow Core version 8.0.4…
-
Certain Lenovo Webcams Vulnerable to Remote Firmware Attacks
In a recent analysis, cybersecurity researchers from Eclypsium uncovered a serious vulnerability affecting certain Lenovo webcams that run on Linux-based firmware. This flaw allows an attacker with remote access to reflash the device’s firmware, turning it into a covert attack tool capable of injecting keystrokes or establishing persistent backdoors — all without physical access. The…
-
New Windows Active Directory Flaws Enable Remote Crashes and DDoS Attacks
Security researchers recently received a series of zero-click vulnerabilities in Windows that could turn critical infrastructure into a global botnet. In a presentation at DEF CON 33, the world’s largest hacking convention, SafeBreach Labs researchers revealed a new class of exploits dubbed the “Win-DoS Epidemic.” These flaws, found across core Windows components, enable attackers to crash…
-
Juniper Networks Releases Update Patching Vulnerabilities in Secure Analytics Software
In its recent security advisory, Juniper Networks has addressed a series of critical vulnerabilities affecting Juniper Secure Analytics (JSA), a tool designed to help enterprises monitor, analyze, and protect their network infrastructure. This update resolves multiple security issues that could have potentially severe consequences for organizations relying on JSA for network security management. These issues…
-
Research Shows Internet-Connected Medical Devices Left Exposed
Recent research by cybersecurity company Modat uncovered a significant concern with healthcare devices connected to the internet. Over 1.2 million devices were found to be accessible without proper security controls, presenting risks that expose sensitive patient data, including medical images and personal information, to unauthorized parties. Their research used advanced scanning tools to identify vulnerable…
-
Microsoft Develops Project Ire to Automate Malware Detection at Scale
Project Ire is a new AI-powered system designed to autonomously analyze and classify software files for malicious activity. Developed by Microsoft through collaboration between Microsoft Research and cybersecurity teams, this system aims to improve the speed and accuracy of malware detection across vast numbers of files. Project Ire is an autonomous AI agent capable of…
