Latest stories — Page 13

Schneider Electric patches three flaws in PowerLogic P7 grid protection gear
The most serious bug lets an unauthenticated attacker knock the device's control screen offline. A firmware update is out.

Satellite reaction wheel flaw lets attackers with physical access swap in malicious firmware
CISA flags a signature-verification gap in CubeSpace's CW0057, tracked as CVE-2026-13743. The vendor rates practical risk as low.

FortiBleed: 11,000 Fortinet Firewalls Still Compromised, Now Tied to INC and Lynx Ransomware
Researchers say the same crew that hoarded credentials from hundreds of thousands of Fortinet firewalls has been sitting inside the negotiation panels of two major ransomware gangs.

TA558 Is Back, Targeting Hotels and Airlines With Fake Booking Emails
A criminal group that has quietly stolen travel-industry data since 2018 has dramatically ramped up its fake-reservation campaigns, now using compressed file tricks to sneak spying software onto victims' computers.

Medtronic tells customers their personal data was stolen in ShinyHunters raid
The medical device giant confirms hackers rifled through its corporate systems for nearly a week in April, exposing names, Social Security numbers and health details.

Apple Pushes Emergency Fixes for Two Flaws Already Being Used to Attack iPhones and Macs
Two previously unknown security holes — one in the heart of Apple's operating system, one in its browser engine — are being actively exploited. Every iPhone, iPad, and Mac owner should update today.

Alleged Scattered Spider member, 19, extradited to the US after airport arrest
Peter Stokes, a dual US-Estonian citizen picked up in Helsinki in April, is accused of helping the notorious hacking crew squeeze millions from big-name companies.

CISA Orders Federal Agencies to Patch Palo Alto Firewall Flaw Being Exploited Now
A misconfigured URL filtering setting in Palo Alto Networks firewall software is letting attackers weaponise the firewalls themselves — turning them into unwitting cannons pointed at other targets.

Opera's new Paste Protect tries to stop the copy-paste scam that's been draining wallets
The browser will now block dodgy commands before they reach your clipboard, targeting the ClickFix trick that has become criminals' favourite way to trick people into infecting their own computers.

Twitter's Former Security Chief Filed an 84-Page Federal Complaint Accusing the Company of Hiding Security Failures From Regulators
Peiter Zatko says Twitter misled a federal watchdog, left half its servers unprotected, and may have foreign spies on staff. Twitter calls him a disgruntled ex-employee. Congress says it wants answers.

80,000 Hikvision Security Cameras Left Wide Open — and Criminals Are Selling the Keys
A critical flaw in one of the world's most popular surveillance cameras has sat unpatched for nearly a year on tens of thousands of devices. Now hackers are trading access on underground forums.

CISA orders federal agencies to patch SharePoint flaw by Saturday as attacks begin
A newly exploited Microsoft SharePoint bug lands in CISA's Known Exploited Vulnerabilities Catalog, triggering a three-day patching clock under Binding Operational Directive 26-04.

Cisco admits hackers are breaking into its phone system software — here's what that means
A flaw in Cisco Unified Communications Manager, the software that runs office phone systems, is now being actively abused after a patch and public exploit code lit the fuse.

Ransomware Surge Led by Lockbit and Conti Offshoots
July sees a resurgence in ransomware attacks, with Lockbit and Conti offshoots dominating the landscape.

0ktapus Phishing Campaign Hits 130 Companies, Compromising Nearly 10,000 Accounts
A widespread phishing attack targets employees of Twilio and Cloudflare, exploiting Okta's authentication system.

Microsoft restores missing Copilot buttons in Classic Outlook
A licensing bug wiped the AI assistant's buttons from the desktop email client. Microsoft says a June 29 fix has now landed.

Drag, Drop, Hijacked: How 'ConsentFix' Steals Microsoft 365 Sessions in Seconds
A new twist on the ClickFix trick turns Microsoft's own sign-in prompts into a session-theft machine — and a step-by-step guide is now circulating on a Russian crime forum.

Adobe Rushes Out Fixes for a Dozen Flaws in ColdFusion and Campaign Classic — Six Are as Bad as It Gets
Twelve security holes, six of them rated the highest possible severity, were quietly sitting in two widely used Adobe products. Patches are out. The clock is ticking.

Google loses final EU appeal, must pay €4.1 billion Android fine
The bloc's top court has ended a seven-year fight over how Google used Android to push its search engine and Chrome browser onto phones.

Nelnet Data Breach Exposes 2.5 Million Student Loan Records
A vulnerability in Nelnet's loan servicing system exposed personal data. Here's what that means for borrowers.

CISA: Attackers Are Actively Exploiting a Dangerous Flaw in Microsoft SharePoint
A vulnerability in SharePoint — Microsoft's widely used workplace file-sharing and collaboration platform — lets criminals run malicious code on company servers. Patches have been available since late May. Many organisations haven't applied them.