News

Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code

Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.…

Bill Cassidy letter asks if Switchzilla sat on critical flaws before feds were forced into emergency patching

US Senator Bill Cassidy has fired off a pointed letter to Cisco over the firewall flaws that allegedly let hackers breach "at least one federal agency."…

Alert says financial account information lifted from systems

Auction house Sotheby's says it was breached on July 24, and those behind the intrusion stole an unspecified amount of data, including Social Security numbers and financial account information.…

GenAI meets Gen Z – only one gets the job

ai-pocalypse  The UK tech sector is cutting graduate jobs dramatically – down 46 percent in the past year, with another 53 percent drop projected, according to figures from the Institute of Student Employers (ISE).…

How to avoid your business being felled by an AI-powered ransomware attack that costs less than a laptop.

Passwork  KNP Logistics Group, a British transport company from Northamptonshire that’s been around longer than the mass-produced lightbulb, collapsed after a devastating security breach that left more than 700 employees jobless. The 158-year-old firm fell victim to a ransomware attack.…

Vibe coding may have played a role in what took researchers months to fix

Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked with Microsoft to combat an issue that could have led to some nasty supply chain attacks.…

ICO makes example of outsourcing giant over sluggish cyber response

The UK's Information Commissioner's Office (ICO) has issued a £14 million ($18.6 million) penalty to outsourcing giant Capita following a catastrophic 2023 cyberattack that exposed the personal data of 6.6 million people.…

Japan's beer behemoth still mopping up after ransomware spill that disrupted deliveries and delayed results

Asahi's cyber hangover just got worse, with the brewer now admitting that personal information may have been tapped in last month's attack.…

Lucky few randomly selected to trial the feature, which won't fully roll out for several months

Mozilla is working on a built-in VPN for Firefox, with beta tests opening to select users shortly.…

Latest in a long line of EBS flaws leta miscreants remotely compromise enterprise systems to pinch sensitive data

Oracle is rushing out another emergency patch for its embattled E-Business Suite as the fallout from the Clop-linked attacks continues to spread.…

Warn businesses to act now as high-severity incidents keep climbing

Cyberattacks that meet upper severity thresholds set by the UK government's cyber agents have risen 50 percent in the last year, despite almost zero change in the volume of cases handled.…

Malfunctioning equipment and manual processing cause 90-minute waits

The European Union's new biometric Exit/Entry System (EES) got off to a chaotic start at Prague's international airport, with travelers facing lengthy queues and malfunctioning equipment forcing border staff to process arrivals manually.…