August 2025 Patch Tuesday forecast: Try, try again
July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed …
Photos: Black Hat USA 2025
Here’s a look inside Black Hat USA 2025. The featured vendors are: Stellar Cyber, Vonahi Security, Gurucul, Check Point, HackerOne, EasyDMARC, Elastic, Google, Tines, …
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit
Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, …
Google open-sources privacy tech for age verification
Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which …
Google’s Gemini CLI brings open-source AI agents to developers
Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, …
Android Enterprise update puts mobile security first
Google is rolling out new Android Enterprise features aimed at improving mobile security, IT management, and employee productivity. According to Zimperium’s 2025 Global Mobile …
Millions of Android devices roped into Badbox 2.0 botnet. Is yours among them?
Millions of Internet-of-Things (IoT) devices running the open-source version of the Android operating system are part of the Badbox 2.0 botnet, the FBI has warned. Cyber …
June 2025 Patch Tuesday forecast: Second time is the charm?
June 2025 Patch Tuesday is now live: Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) Microsoft has been busy releasing more out-of-band (OOB) patches …
Google survey shows Americans are changing how they fight scams
If it seems like scams are popping up everywhere lately, you’re not wrong. A new survey from Google shows most Americans feel the same, and they’re starting to change how they …
Attackers fake IT support calls to steal Salesforce data
Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat …
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of …
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …
Featured news
Resources
Don't miss
- Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)
- WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)
- APT groups are getting personal, and CISOs should be concerned
- What makes a security program mature and how to get there faster
- EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations