International

Security researchers disclosed a cirtical flaw in Amazon Elastic Container Service (ECS) that enables harmful containers to steal AWS credentials from other tasks on the same EC2 instance. The attack, dubbed “ECScape,” exploits an undocumented internal protocol to impersonate the ECS agent and harvest privileged credentials without requiring container breakout. …

Let’s look at 7 tools for automating patch deployment. Each tool offers unique features for various environments, from small DevOps teams to large enterprises. Attune by AttuneOps (Windows and Mac: Free & Enterprise) Best for: DevSecOps teams and infrastructure-as-code workflows Attune is purpose-built for automating complex server administration tasks, with …

Germany’s top court ruled on Thursday that police can secretly install spy software on phones and computers only for serious crimes. Key Points: German high court has limited the use of police spy software to serious criminal investigations. The court called the use of spyware a “serious interference” with privacy …

SmartData, has introduced advanced fire-extinguishing technology; Firepass, is gaining attention in Bangladesh as a fire prevention solution. This technology prevents fire from spreading in a specific area and can quickly extinguish any fire that starts. Now, this technology is cheaper than the traditional fire fighting system in Bangladesh but its …

A covert attack on ATM systems has been detected, using a hidden Raspberry Pi to access internal bank networks. The intrusion involved physical access, a rarely seen anti-forensics technique and malware designed to avoid standard detection methods. Attackers Gained Physical Access to ATM Network: A group named UNC2891 connected a …

OWASP has released new guidelines for securing AI applications that use large language models. The guidance, released on July 28, provides technical recommendations for builders and developers of AI agents, particularly targeting AI/ML engineers, software developers, security experts, and AppSec professionals. “As AI systems evolve toward more autonomous, tool-using, and …

Cybersecurity researchers from CloudSEK’s STRIKE team used facial recognition and GPS to uncover a large fake currency scheme worth over $2 million in India, revealing individuals and their activities on Facebook and Instagram. A major counterfeit currency operation has been discovered, producing fake notes worth millions. Cybersecurity firm CloudSEK revealed …

Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for …

GitLab patches six vulnerabilities in Community Edition (CE) and Enterprise Edition (EE), with versions 18.2.1, 18.1.3, and 18.0.5 now ready for deployment. The release addresses six security vulnerabilities, including two serious cross-site scripting (XSS) issues that threaten Kubernetes proxy functionality. These patches address vulnerabilities found in GitLab’s HackerOne bug bounty …

TP-Link has warned users about two serious command injection vulnerabilities in its VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 devices. Identified as CVE-2025-7723 and CVE-2025-7724, these flaws have CVSS scores of 8.5 and 8.7 and could let attackers run arbitrary commands on the system. “Attackers may execute arbitrary commands on …