Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as CVE-2025-12816 and received a high severity rating. It arises from the library’s ASN.1 validation mechanism, which allows malformed data to pass checks even when it is cryptographically invalid. […]

Comcast to pay $1.5M fine for vendor breach affecting 270K customers

Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. The breach occurred in February 2024, when attackers hacked into the systems of Financial Business and Consumer Solutions (FBCS), a debt collector Comcast had stopped using two […]

Multiple London councils’ IT systems disrupted by cyberattack

The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue. Multiple systems have been impacted by the attack, including phone lines, which prompted the two councils to activate emergency plans to make sure that residents still receive critical services. The two authorities […]

Microsoft to secure Entra ID sign-ins from script injection attacks

Microsoft plans to enhance the security of the Entra ID authentication system against external script injection attacks starting in mid-to-late October 2026. This update will implement a strengthened Content Security Policy that allows script downloads only from Microsoft-trusted content delivery network domains and inline script execution only from Microsoft-trusted sources during sign-ins. After rollout, it […]

ASUS warns of new critical auth bypass flaw in AiCloud routers

ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. AiCloud is a cloud-based remote access feature that comes with many ASUS routers, turning them into private cloud servers for remote media streaming and cloud storage. As the Taiwanese electronics manufacturer explained, the CVE-2025-59366 […]

Passwork 7: Self-hosted password and secrets manager for enterprise teams

Author: Eirik Salmi, System Analyst at Passwork Organizations manage credentials across distributed teams, applications, and infrastructure — passwords, API keys, certificates, and tokens that require different access patterns and security controls. Traditional password managers address individual user needs but weren’t designed for operational complexity at scale. Different roles have different requirements: DevOps teams need programmatic […]

OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide

Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States. The CodeRED platform enables these agencies to send alerts to residents during emergencies. The cyberattack forced Crisis24 to decommission the legacy CodeRED […]

FBI: Cybercriminals stole $262M by impersonating bank support teams

The FBI warned today of a massive surge in account takeover (ATO) fraud schemes and said that cybercriminals impersonating financial institutions have stolen over $262 million in ATO attacks since the start of the year. Since January 2025, the FBI’s Internet Crime Complaint Center (IC3) has received over 5,100 complaints, with the attacks impacting individuals, as well as businesses and organizations across […]