October Patch Tuesday beats January ’25 record
Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party
Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party
Related
Advanced Preparation Was Key to a Secure Paris Olympics
The security teams associated with the 2024 Olympic Games in Paris focused on in-depth penetration testing, crisis management exercises, and collaboration to defend against potential cyberattacks.
New Advanced Linux VoidLink Malware Targets Cloud and container Environments
Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that’s specifically designed for long-term, stealthy access to Linux-based cloud environments According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom loaders, implants, rootkits, and modular
China’s Silk Typhoon APT Shifts to IT Supply Chain Attacks
The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.
How to Eliminate Identity-Based Threats
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of
npm Supply Chain Attack
What is the Attack? On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials. With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and ansi-styles). The impact is considered high risk for applications that serve frontend JavaScript, especially those handling payments,…
Next.js Middleware Auth.Bypass Vulnerability
What is the Vulnerability?FortiGuard Labs has identified ongoing attack attempts targeting a critical authorization bypass vulnerability (CVE-2025-29927) in the middleware system of the Next.js framework, a popular React-based framework for building full-stack web applications.The issue arises from improper handling of an internal HTTP header: x-middleware-subrequest. This header, when manipulated, can bypass middleware execution, allowing attackers…