Cisco warns of max severity RCE flaws in Identity Services Engine

Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). The flaws, tracked under CVE-2025-20281 and CVE-2025-20282, are rated with max severity (CVSS score: 10.0). The first impacts ISE and ISE-PIC versions 3.4 and 3.3, while the […]

Man pleads guilty to hacking networks to pitch security services

A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S. Department of Justice announced on Wednesday. 32-year-old Nicholas Michael Kloster was indicted last year for hacking into the networks of three organizations in 2024, including a health club and a Missouri nonprofit corporation. According to court documents, […]

3 key takeaways from the Scattered Spider attacks on insurance firms

Scattered Spider continues to dominate the headlines, with the latest news linking the hackers to attacks on U.S. insurance giant Aflac, Philadelphia Insurance Companies, and Erie Insurance, disclosed through SEC Form 8-K filings which indicate the theft of sensitive customer data and operational disruption.  This comes at the same time that Google Threat Intelligence Group […]

Microsoft confirms Family Safety blocks Google Chrome from launching

Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and other web browsers on Windows systems. Microsoft Family Safety helps parents monitor their children’s activity across desktop and mobile devices, providing screen time management, content filtering, app controls, location tracking, communication monitoring, and activity reports. Redmond acknowledged the […]

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA has confirmed that a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks. The MegaRAC BMC firmware provides remote system management capabilities for troubleshooting servers without being physically present, and it’s used by several vendors (including HPE, Asus, and ASRock) that supply equipment to cloud service […]

Hackers turn ScreenConnect into malware using Authenticode stuffing

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s  Authenticode signature. ConnectWise ScreenConnect is a remote monitoring and management (RMM) software that allows IT admins and managed service providers (MSPs) to troubleshoot devices remotely. When a ScreenConnect installer is built, it can be customized […]