Critical Railway Braking Systems Open to Tampering – Dark Reading
It only takes recycled cans, copper, and cheap gadgets off the Web to trick a train conductor into doing something dangerous. – Read More
Cyber
Hidden API in Comet AI browser raises security red flags for enterprises – CSO Online
SquareX has disclosed a previously undocumented API within the Comet AI browser that allows its embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream browsers intentionally block.…
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide – The Hacker News
A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive…
Datenpanne bei Eurofiber France – CSO Online
Der TK-Anbieter Eurofiber France ist von Datendiebstahl betroffen. PixelBiss – shutterstock.com Der TK-Konzern Eurofiber Group hat sich auf die digitale Infrastruktur von Unternehmen spezialisiert und betreibt ein Glasfasernetz in den…
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software – The Hacker News
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats…
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates – The Hacker News
The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper “redirects all DNS queries to an…
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts – The Hacker News
Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according…
Overcome the myriad challenges of password management to bolster data protection – CSO Online
Strengthening the protection of confidential and sensitive data is currently a priority for 40% of chief security officers. And both enterprises and small and mid-sized businesses have already made significant…
Behind the firewall: The hidden struggles of cyber professionals with a disability – CSO Online
Problem-solving is what cyber professionals do best, but one problem the industry has yet to solve is inclusion. Despite progress in diversity, research shows many professionals with disabilities or neurodivergent…
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild – The Hacker News
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of…
US Creates ‘Strike Force’ to Take Out SE Asian Scam Centers – Dark Reading
The collaborative effort combines multiple federal departments, along with private companies to reduce, if not eliminate, billions lost annually to fraud. – Read More
Anthropic AI-powered cyberattack causes a stir – CSO Online
AI company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack…
Cloud Break: IoT Devices Open to Silent Takeover Via Firewalls – Dark Reading
IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they’re protected by security software or not online. – Read More
Can a Global, Decentralized System Save CVE Data? – Dark Reading
As vulnerabilities in the Common Vulnerabilities and Exposures ecosystem pile up, one Black Hat Europe presenter hopes for a global, distributed alternative. – Read More
Iran-Nexus Threat Actor UNC1549 Takes Aim at Aerospace – Dark Reading
Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia. – Read More