VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.
United Natural Foods loses up to $400M in sales after cyberattack | CyberScoop
The food distributor and wholesaler completely shut down its systems upon discovering the attack last month, yet core systems were restored and normal operating capacity returned within three weeks.
State Department cyber diplomacy firings and changes threaten U.S. defenses
Departures and restructuring will make it harder for the agency to pursue global policies that strengthen its own critical infrastructure, experts said.
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms.
Recession, Risk and Retaliation: Mapping Global Economic Fault Lines - interos.ai
Author: Teddy DeWitt, PhD, Lead Computational Social Scientist Recession Fears Linger Amidst Consumer Pessimism and Tariff Uncertainty The U.S. economy ma
Russian vodka producer reports disruptions after ransomware attack
Novabev Group, the Russian maker of Beluga Vodka and other brands, had to stop shipments and temporarily close stores in its WineLab subsidiary after a ransomware attack.
Transparency on Microsoft Defender for Office 365 email security effectiveness
Read how Microsoft is transparently sharing performance data from Microsoft Defender for Office 365 and other ecosystem providers to help customers evaluate email security solutions.
[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories
Checkpoint finds malware containing prompt injection, why preventative security is hard, @Rhynorater talk sharing 11 of his most impactful and technically challenging vulnerabilities
Armenian, Ukrainian nationals among Ryuk ransomware actors facing US hacking charges
Armenian national Karen Serobovich Vardanyan, 33, was extradited from Ukraine last month and now faces up to five years in prison for his role in Ryuk, prosecutors said on Wednesday.
Chinese hackers breached National Guard to steal network configurations
The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks.
Max severity Cisco ISE bug allows pre-auth command execution, patch now
A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices.
Airbus prépare l’A400M à devenir le « vaisseau mère » des drones de combat
L’Airbus A400M, connu depuis ses débuts comme une référence mondiale du transport militaire, s’apprête à endosser de nouveaux rôles. Parmi eux ? Celui de « vaisseau mère » pour les drones de combat. Initialement conçu pour l’emport de charges lourdes et le soutien logistique, l’A400M voit ses missions s’élargir au
Elite Russian university launches degree program on sanctions evasion
The Higher School of Economics (HSE), a leading Russian institution, said the two-year course will focus on international corporate compliance and business ethics, and will be taught in both Russian and English.
UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate
A former National Crime Agency investigator who worked on the Silk Road case was sentenced to more than five years in prison for stealing 50 bitcoin seized in that operation.
The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.
Compliance is Falling Behind with Non-Human Identities | CSA
Every major compliance framework, including PCI DSS, GDPR, and ISO 27001, requires strong access controls. Yet Non-Human Identities (NHIs) are often overlooked.