Aggregator

A vulnerability, which was classified as problematic, has been found in Reolink Video Doorbell Wi-Fi DB_566128M5MP_W. This impacts an unknown function of the component DDNS Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-60858. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as very critical was found in IBM Maximo Application Suite up to 9.0.15/9.1.4. This affects an unknown function. Executing manipulation can lead to authentication bypass by primary weakness. This vulnerability is handled as CVE-2025-36386. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud
With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud.

Humana, BCBS Montana Are Among Clients of Conduent Hack
Conduent Business Solutions LLC has told state regulators that a hacking incident discovered in January has affected more than 10.5 million patients. Clients affected include Blue Cross Blue Shield of Montana and Humana, as well as an undisclosed number of other organizations.

Ravin Academy Records Reveal Identities of More Than 1,000 Participants
A public database of internal records from Iran's Ravin Academy - a cyber school linked to the Ministry of Intelligence - has been published online, exposing potentially sensitive data on over 1,000 trainees, including individuals reportedly tied to Western institutions.

CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud
With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud.

Everest Extortion Group Lists Dublin Airport
A Russian data extortion group threatened Sunday to release passenger data putatively stolen from the Dublin Airport days after its operator said it investigated a breach stemming from a September cybersecurity incident that affected airports across Europe.

​Microsoft announced today a new Microsoft 365 Copilot agent called App Builder that can help users create and deploy apps "in minutes." [...]

The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service. [...]

Dentsu Confirms Data Breach Following Cyber Incident at Merkle

A vulnerability classified as critical has been found in alexusmai laravel-file-manager up to 3.3.1. The impacted element is an unknown function of the component File Manager Interface. Performing manipulation results in unrestricted upload. This vulnerability is known as CVE-2025-56399. Remote exploitation of the attack is possible. No exploit is available.

US teen indicted for involvement in extremist “764” network, accused of child exploitation, animal cruelty, and cyberstalking, says the Justice Department.

Австралийские регуляторы требуют возврат денег за Copilot, о котором никто не просил.

The BlueNoroff threat group, also tracked as Sapphire Sleet, APT38, and TA444, has significantly evolved its targeting capabilities with sophisticated new infiltration strategies designed specifically to compromise C-level executives and senior managers within the Web3 and blockchain sectors. The group, historically focused on financial gain through cryptocurrency theft, has unveiled two coordinated campaigns dubbed GhostCall […]

The post BlueNoroff Hackers Adopts New Infiltration Strategies To Attack C-Level Executives, and Managers appeared first on Cyber Security News.

A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network traffic. While attackers have yet to be spotted exploiting the flaw, a proof-of-concept (PoC) exploit code has been published, making it critical for administrators to patch internet-facing resolvers. What is BIND 9? BIND (v)9 is the latest … More →

The post PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778) appeared first on Help Net Security.

Researchers poke holes in OpenAI’s new browser as standards bodies fear U.S. businesses are “sleepwalking” into an AI governance crisis. 

The post Exclusive: OpenAI’s Atlas browser — and others — can be tricked by manipulated web content appeared first on CyberScoop.

Agentic commerce is here. See how AI-driven checkout reshapes fraud, attribution, and upsell motions, and how DataDome secures MCP, APIs, and helps you monetize trusted AI traffic.

The post Agentic Commerce Is Here. Is Your Business Ready to Accept AI-Driven Transactions? appeared first on Security Boulevard.

Coveware зафиксировала исторический минимум выплат за шесть лет наблюдений.