An 18-Year-Old Codebase Left Smart Buildings Wide Open
Researcher Gjoko Krstic’s “Project Brainfog” exposed hundreds of zero-day vulnerabilities in building-automation systems still running hospitals, schools, and offices worldwide.
-
-
Claroty Patches Authentication Bypass Flaw
CVE-2025-54603 gave attackers an opening to disrupt critical operational technology (OT) environments and steal data from them.
-
LotL Attack Hides Malware in Windows Native AI Stack
Security programs trust AI data files, but they shouldn’t: they can conceal malware more stealthily than most file types.
-
BRONZE BUTLER exploits Japanese asset management software vulnerability
The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)
-
Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month
Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing…
-
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in…
-
New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
A severe vulnerability disclosed in Chromium’s Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. “It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations…
-
Build a prevention-first defense: The Sophos Cybersecurity Toolkit
Explore the Cybersecurity toolkit and start building your prevention-first strategy today.
-
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof. When a new exploit drops, scanners…
-
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s