Microsoft’s August Patch Tuesday: Kerberos Drama and 110 Close Friends Microsoft’s August 2025 Patch Tuesday fixes 111 vulnerabilities across Windows and wider Microsoft products. One flaw, CVE-2025-53779 in Windows Kerberos, was publicly disclosed and could help an attacker with certain delegated-account permissions pivot to full Active Directory compromise. In total there are 16 Critical, 92 […]
ReVault: When Your “Security Chip” Needs a Security Chip of Its Own Security researchers (Cisco Talos) disclosed “ReVault”—a set of five flaws in Dell ControlVault3 (a Broadcom-based security chip and its Windows APIs) used in 100+ laptop models. Chained together, the bugs could let attackers bypass Windows login, extract keys and persist in firmware even […]
The Wild West of Shadow IT: Why Your Staff Are Installing Trouble at the Click of a Button The CyberWhite article The Wild West of Shadow IT warns that employees now adopt SaaS and AI tools faster than security teams can vet them, creating a sprawl of unapproved apps, OAuth tokens and embedded AI that […]
How to Stop a Sneaky Man-in-the-Middle The CyberWhite guide explains how man-in-the-middle (MITM) attacks let crooks slip between users and online services to pinch log-ins, card details and other goodies. It recaps headline-grabbing examples (Equifax, Lenovo Superfish, DigiNotar) and outlines favourite tactics: rogue public-Wi-Fi, mDNS/DNS spoofing, ARP games and look-alike access points. Defence boils down […]
Dahua Cameras Get the Starring Role in Their Own Horror Film Security researchers at Bitdefender uncovered two critical buffer-overflow bugs (CVE-2025-31700, CVE-2025-31701, CVSS 8.1) in Dahua smart-camera firmware built before 16 April 2025. One flaw sits in the ONVIF request handler, the other in the RPC file-upload routine. An unauthenticated attacker can sling a specially […]
SonicWall’s VPNs May Have a Nasty Zero-Day – Akira Ransomware Gate-crashes the Party SonicWall is probing a potential zero-day flaw in its Gen 7 SSL VPN firewalls after security firms Arctic Wolf and Huntress logged more than 20 Akira-ransomware break-ins since late July 2025. Victims were fully patched and even with MFA attackers still slipped […]
“ClickFix” malvertising: crooks rent Google Ads so you’ll download their dodgy installers Researchers have spotted a sprawling malvertising operation nick-named “ClickFix” that hijacks Google Ads to lure users searching for popular software (Chrome, WhatsApp, Adobe Reader) onto copy-cat sites. The bogus pages serve malicious MSI installers laced with OxtaRAT remote-access malware. Once executed, the payload […]
Fake OAuth apps: the latest con trick against Microsoft 365 users Threat actors are using fake Microsoft 365 OAuth apps, spoofing brands like RingCentral, SharePoint and Adobe, to trick users into granting access to their accounts. The crooks combine the bogus apps with Tycoon Phishing-as-a-Service kits, redirecting victims through a CAPTCHA and then an adversary-in-the-middle […]
HPE’s Wi‑Fi Kit Gets a Nasty Surprise: Hard‑Coded Passwords Hewlett‑Packard Enterprise (HPE) has patched two nasty bugs in its Instant On wireless access‑points. The worst, CVE‑2025‑37103 (CVSS 9.8), comes from hard‑coded admin credentials that let anyone waltz straight past the login screen. A second flaw, CVE‑2025‑37102 (CVSS 7.2), allows command injection once you’re signed in. Chained together, the pair […]
