News

Microsoft stays mum about M365 Copilot on-demand security bypass

The Register - Thu, 21/08/2025 - 00:59
Redmond doesn't bother informing customers about some security fixes

UPDATED Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.…

Categories: News

Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

The Register - Wed, 20/08/2025 - 22:01
Move along, nothing to see here

Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.…

Categories: News

FBI: Russian spies exploiting a 7-year-old Cisco bug to slurp configs from critical infrastructure

The Register - Wed, 20/08/2025 - 19:20
Snarfing up config files for 'thousands' of devices…just for giggles, we're sure

The FBI and security researchers today warned that Russian government spies exploited a seven-year-old bug in end-of-life Cisco networking devices to snoop around in American critical infrastructure networks and collect information on industrial systems.…

Categories: News

Commvault releases patches for two nasty bug chains after exploits proven

The Register - Wed, 20/08/2025 - 18:03
Researchers disclosing their findings said 'it's as bad as it sounds'

Researchers at watchTowr just published working proof-of-concept exploits for two unauthenticated remote code execution bug chains in backup giant Commvault.…

Categories: News

'Limited' data leak at Aussie telco turns out to be 280K customer details

The Register - Wed, 20/08/2025 - 17:45
iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed

Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.…

Categories: News

McDonald's not lovin' it when hacker exposes nuggets of rotten security

The Register - Wed, 20/08/2025 - 08:34
Burger slinger gets a McRibbing, reacts by firing staffer who helped

A white-hat hacker has discovered a series of critical flaws in McDonald's staff and partner portals that allowed anyone to order free food online, get admin rights to the burger slinger's marketing materials, and could allow an attacker to get a corporate email account with which to conduct a little filet-o-phishing.…

Categories: News

Don't want drive-by Ollama attackers snooping on your local chats? Patch now

The Register - Tue, 19/08/2025 - 22:57
Reconfigure local app settings via a 'simple' POST request

A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to, in extreme cases by serving poisoned models.…

Categories: News

Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

The Register - Tue, 19/08/2025 - 21:28
Intruders hoped no one would notice their presence

Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.…

Categories: News

Casino tech outfit Bragg cops to intrusion but says data jackpot untouched

The Register - Tue, 19/08/2025 - 16:31
Toronto company says weekend cyber raid hit internal IT, not punters' wallets

Canadian casino software slinger Bragg Gaming Group has disclosed a "cybersecurity incident," though it's adamant the intruders never got their hands on customer data.…

Categories: News
