Hot Topic

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require manufacturers of CCTV cameras to submit hardware, software and source code for assessment in government labs, official documents and company emails show. The security-testing policy has sparked industry warnings of …

Recent security research has shown that attackers can weaken zero-trust security frameworks by exploiting a key DNS vulnerability, disrupting automated secret rotation. The research reveals a complex attack chain that starts with disrupting DNS servers and ends with unauthorized access to cloud services, exposing serious flaws in Non-Human Identity (NHI) …

A nationwide phone network has gone down in Spain, shortly after blackouts caused chaos and significant financial losses. Emergency services in several regions had to issue new phone numbers after Telefonica’s network upgrades caused phone lines to fail. Reports in Spanish media state that landline telephones were the most impacted, …

A new class of vulnerabilities in Intel processors, called Branch Predictor Race Conditions (BPRC), enables attackers to extract sensitive data from the cache and RAM of other users on the same hardware. Recent research by computer scientists from the Computer Security Group (COMSEC) at the Department of Information Technology and …

Attackers linked to the Play ransomware operation deployed a zero-day privilege escalation exploit during an attempted attack against an organization in the U.S. The attack occurred prior to the disclosure and patching of a Windows elevation of privilege zero-day vulnerability (CVE-2025-29824) in the Common Log File System Driver (clfs.sys) on …

Ireland’s Data Protection Commission fined TikTok €530 million ($601 million) on Friday for violating data protection laws by transferring European users’ data to China. “TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements,” the DPC said in a statement. …

Microsoft is focusing on eliminating password-based authentication, promoting passwordless sign-in and sign-up methods instead. For the past decade, Microsoft has allowed users to sign in using facial recognition, fingerprints, or a PIN with Windows Hello. Now, over 99% of users use this method to access their Windows devices, according to …

South Korea’s largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers. The …

SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL certificates for domains they do not own. David Zhao, a senior researcher at CitadelCore Cyber Security Team, reported a flaw that allows manipulation of the system to issue certificates for …

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called “symlink”. This number has increased from the initial 14,000 and is expected to rise as investigations continue. The attack takes advantage of known vulnerabilities in Fortinet’s FortiGate devices. After gaining access, the threat …