cybersecurity

Greenlane’s SOC 2 Type 2 milestone is more than a procurement checkbox for the commercial EV charging sector. It signals that the company is trying to sell something fleet operators have increasingly demanded from every infrastructure partner: not just uptime and power, but verifiable...

Schneider Electric has disclosed a high‑impact use of hard‑coded credentials vulnerability in EcoStruxure IT Data Center Expert (DCE) that — when a rarely enabled feature (SOCKS Proxy) is turned on and an attacker already possesses administrator and PostgreSQL credentials — could lead to...

Microsoft’s security team has raised the alarm on a subtle but effective evolution of the long-running ClickFix social‑engineering scam: attackers are now tricking victims into opening Windows Terminal and pasting encoded commands directly into it, which in multiple observed chains results in...

If you live or run a business in Malvern and are shopping for a trusted TSS security provider, this is the practical, in‑depth guide you need to separate marketing from reality, understand the technology, and make decisions that lower real risk instead of simply adding gadgets. Background /...

The macidn/punycode bug tracked as CVE-2024-6874 is real, but the short answer to the question is: Microsoft’s public attestation names Azure Linux as the product that includes the affected upstream component, but that attestation is an inventory statement — not proof that no other Microsoft...

An out-of-memory bug in Mozilla-derived code assigned CVE-2024-6603 can cause a failed allocation to be followed by an unconditional free, producing memory corruption; Microsoft’s public advisory names Azure Linux as a product that includes the implicated open‑source component and is therefore...

Microsoft’s public advisory for CVE‑2025‑40913 confirms a vulnerability in the Perl module Net::Dropbear (versions up through 0.16) that stems from an embedded, vulnerable copy of the libtommath library — and Microsoft’s statement that “Azure Linux is the product that includes the open‑source...

A critical denial-of-service vulnerability in the libvpx VP9 encoder — tracked as CVE-2023-44488 — allows specially crafted input to crash the encoder in libvpx versions prior to 1.13.1, posing a real availability risk for any service or application that performs VP9 encoding or otherwise embeds...

A low-level parsing bug in Fluent Bit’s HTTP input has been cataloged as CVE‑2024‑23722 and quietly but decisively demonstrates how a small string-validation lapse can turn a ubiquitous telemetry agent into a reliable denial‑of‑service trigger for observability pipelines. The vulnerability...

The European Parliament has taken the rare and unambiguous step of disabling built‑in generative AI features on the work devices it issues to Members of the European Parliament (MEPs) and staff — a precautionary block driven by an internal cybersecurity assessment that concluded the institution...

Professional credentials still matter — but the rules have changed: certifications are now strategic signals that must be paired with demonstrable work, up‑to‑date hands‑on experience, and a clear alignment to the technologies employers actually use. That’s the central takeaway from a compact...

A wave of tech‑support fraud that weaponized paid Bing search ads and Microsoft Azure Blob Storage burst into view in early February, converting routine web searches into convincing “Azure Support” scare pages and phone scams that hit at least 48 U.S. organizations across healthcare...

Sophos’ Counter Threat Unit (CTU) uncovered a deceptively simple but operationally dangerous pattern: widely distributed Windows virtual machine templates shipped by a mainstream hosting control panel embed static NetBIOS hostnames, certificate subjects, and other system identifiers, producing...

CISA’s latest KEV update elevates four distinct and high-impact vulnerabilities—two in Sangoma FreePBX, one in GitLab, and one in SolarWinds Web Help Desk—into the Known Exploited Vulnerabilities (KEV) Catalog, signaling credible evidence of active exploitation and forcing an operational...

Avation Light Engine Pro has been flagged by a U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory as exposing its entire configuration and control interface without any authentication, a design failure that CISA scores as critical (CVSS v3.1 — 9.8) and traces to CWE‑306...

Integrated Systems Europe (ISE) Barcelona 2026 is shaping up to be the year professional AV (ProAV) stops being “just a screen and a projector” and starts to function as a distributed intelligence layer for buildings, meetings, retail and public spaces—driven by a convergence of edge AI...

Almost nine in ten large organisations that are exposed to actively exploited vulnerabilities leave those weaknesses unpatched for six months or longer, according to fresh industry analysis that should alarm CISOs, boards, and cyber insurers alike. Background The headline figure—almost 9 in 10...

Microsoft has quietly but deliberately set a firm deadline to end a decades‑long compatibility compromise: RC4 (RC4‑HMAC) will no longer be the assumed, permissive fallback for Kerberos ticket encryption on Windows domain controllers, and Microsoft has delivered a staged rollout tied to...

CISA’s decision to add five distinct vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on January 26, 2026, is a clear operational red flag: the agency has determined there is evidence of active or credible exploitation, and those entries now carry mandatory remediation weight...

A critical weakness in Microsoft Copilot Personal allowed attackers to turn a single, legitimate click into a stealthy exfiltration channel that could siphon profile attributes, file summaries and conversational memory — a chained prompt‑injection attack Varonis Threat Labs labeled “Reprompt”...