cybersecurity

  1. Security vs Convenience: Windows Passkeys Patches and Policy in 2025

    Russia’s sudden mobile “cooling-off” for returning travellers, Microsoft’s push to make passkeys a first-class OS feature, and a flurry of vendor patches and threat intelligence reports together make this an unusually consequential week for enterprise defenders and everyday Windows users alike —...
  2. Urgent Patch for Siemens Spectrum Power 4: Update to V4.70 SP12 Update 2

    Siemens has published fixes for a cluster of high‑severity vulnerabilities in Spectrum Power 4 that can lead to local and network‑accessible privilege escalation and remote command execution; operators must update to V4.70 SP12 Update 2 (or later) immediately and apply network compensations...
  3. Securing SICAM P850 and P855: CSRF Cookies and Patch Guidance for OT

    The Siemens SICAM P850 and SICAM P855 families of power‑system devices have a history of web‑interface flaws that together create a meaningful operational risk for utilities and industrial operators: multiple advisories from Siemens ProductCERT and republished CISA advisories identify Cross‑Site...
  4. CVE-2025-62206: Patch Dynamics 365 On Premises Info Disclosure Now

    Microsoft has published an advisory for CVE-2025-62206, an information disclosure vulnerability affecting Microsoft Dynamics 365 (On‑Premises); the issue is network‑accessible, requires user interaction, and has been assigned a CVSS v3.1 base score of 6.5 (Medium) with a confidentiality impact...
  5. Louvre Heist Exposes Legacy Systems and Weak Passwords

    The image of masked thieves riding away from the Musée du Louvre with crown jewels in broad daylight was cinematic — the more damaging part is the audit trail and leaked excerpts showing that auditors once accessed the museum’s video‑surveillance server with the literal password LOUVRE, and that...
  6. Louvre Heist Reveals Cyber Security Failures and Password Risk

    The Louvre’s security story after the October heist is less a thriller’s last-act twist and more an institutional autopsy: auditors once logged that the server driving the museum’s video surveillance accepted the literal password LOUVRE, a detail that has become shorthand for a decade of...
  7. Louvre Heist Exposes Critical Cyber Security Failures and Governance Gaps

    The image of masked men riding scooters away from the Musée du Louvre with jewel-encrusted relics is the cinematic part — the deeper, more unsettling story is the discovery that auditors once accessed the museum’s video‑surveillance server using the password “LOUVRE,” a finding that reframes the...
  8. Urgent Patch and Mitigation for ABB FLXeon Controller Vulnerabilities

    A wave of high-severity vulnerabilities affecting ABB’s FLXeon building-automation controllers has forced urgent action across industrial operations and facilities management teams: multiple CVEs expose remote command execution, hard-coded credentials, weak hashing and file-path handling that —...
  9. Louvre Heist Exposes Cyber Physical Security Lapses and Legacy Tech

    The Louvre’s security collapse reads like a cautionary tale written for IT teams: a daylight heist that lasted under eight minutes exposed not only a physical breach of priceless objects but decades of deferred cybersecurity maintenance, trivial credential hygiene, and unsupported vendor...
  10. Urgent WSUS CVE-2025-59287 RCE Patch and Defender Playbook

    Microsoft and multiple security vendors are warning of an active, high‑urgency exploitation campaign that abuses a critical, unauthenticated Remote Code Execution (RCE) flaw in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — and defenders must treat every WSUS host as a...
  11. Urgent WSUS Patch Fends Off Critical RCE CVE-2025-59287

    Microsoft has confirmed an emergency out‑of‑band patch for a critical Windows Server Update Services (WSUS) remote code execution flaw — and threat actors moved quickly, exploiting internet‑exposed WSUS instances within days of public proof‑of‑concept code appearing. Background WSUS is the...
  12. Urgent WSUS Patch: CVE-2025-59287 RCE Fix Out-of-Band (2025)

    Microsoft has released an out‑of‑band emergency patch to fix a critical remote code execution vulnerability in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — and every WSUS host must be treated as a top‑tier remediation priority until it is patched or isolated. The flaw is a...
  13. Ex L3Harris Cyber Boss Accused of Stealing Eight Trade Secrets for Russia

    In a development that reads like a modern Cold War thriller, U.S. prosecutors this month accused a former executive tied to a government cyber-intelligence contractor of stealing and selling proprietary hacking tools to a Russian-based buyer for roughly $1.3 million — allegations that expose...
  14. Siemens RUGGEDCOM ROS Vulnerabilities: Patch to 5.10.0 and Mitigations

    Siemens has confirmed multiple serious vulnerabilities in its RUGGEDCOM ROS family that affect a wide range of industrial switches, routers and serial‑to‑Ethernet gateways, and it is urging operators to update to the newly released ROS 5.10.0 where available and apply strict network mitigations...
  15. Rockwell 1783 NATR Vulnerabilities: Upgrade to Firmware 1.007 Now

    Rockwell Automation has published a critical security advisory for the 1783‑NATR Network Address Translation (NAT) router: three distinct vulnerabilities (CVE‑2025‑7328, CVE‑2025‑7329 and CVE‑2025‑7330) affect firmware versions 1.006 and earlier and are fixed in version 1.007; the flaws include...
  16. Windows 10 End of Support: Fast Safe Ways to Protect Legacy Apps

    Windows 10’s official support end is a hard deadline — but for organizations wrestling with legacy, mission‑critical applications, the moment is not a verdict of doom; it’s a call to action with practical, fast, and defensible options to keep apps running securely while you plan longer‑term...
  17. Windows 10 Ends Routine Updates; Firefox Continues Patching On 10

    Microsoft’s final free monthly update for Windows 10 has landed, and the practical consequences are now clear: Microsoft has ended routine OS-level servicing for Windows 10, but Mozilla says Firefox will keep receiving feature and security updates on Windows 10 for the foreseeable future — a...
  18. Rockwell FactoryTalk ViewPoint XXE CVE-2025-9066 Impacts PanelView Plus 7 DoS

    A recently disclosed vulnerability in Rockwell Automation’s FactoryTalk ViewPoint allows unauthenticated remote attackers to trigger an XML External Entity (XXE) injection via certain SOAP requests, producing a temporary denial-of-service condition that affects PanelView Plus 7 terminals running...
  19. Windows 10 End of Support: Defender Updates to 2028 and ESU

    Microsoft's decision to keep Microsoft Defender Antivirus receiving definition and detection updates on Windows 10 for years after the operating system's official end-of-support does reduce one vector of risk — but it is emphatically not a replacement for ongoing OS security patches, feature...
  20. CamoLeak: Copilot Chat Exfiltration via GitHub Camo Proxy

    GitHub Copilot Chat was quietly turned into an exfiltration channel by a newly disclosed flaw, dubbed CamoLeak, that let attackers hide prompts in pull requests and smuggle private data out of repositories using GitHub’s own image proxy — a potent reminder that integrating AI into development...