Advisories

  • European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms

    This is the first forensic evidence that journalists’ devices have been infected with Paragon’s Graphite spyware Read More

    Read More

  • Paragon Spyware used to Spy on European Journalists

    Paragon is a Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified by Apple that they…

    Read More

  • Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm

    A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool Read More

    Read More

  • Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft

    Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email Read More

    Read More

  • apache-commons-beanutils-1.9.4-39.fc41

    FEDORA-2025-3eb7c0066f Packages in this update: apache-commons-beanutils-1.9.4-39.fc41 Update description: Fix improper access control vulnerability Resolves: CVE-2025-48734 Read More

    Read More

  • apache-commons-beanutils-1.9.4-39.fc42

    FEDORA-2025-48e8e5f8ed Packages in this update: apache-commons-beanutils-1.9.4-39.fc42 Update description: Fix improper access control vulnerability Resolves: CVE-2025-48734 Read More

    Read More

  • USN-7550-7: Linux kernel (NVIDIA Tegra IGX) vulnerabilities

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: – GPU drivers; – Sun RPC protocol; (CVE-2024-56551, CVE-2024-56608, CVE-2024-53168) Read More

    Read More

  • South African man imprisoned after ransom demand against his former employer

    Lucky Erasmus and a company insider installed software without authorisation on Ecentric’s systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers’ passwords. Read more in my article on the Hot for Security blog. Read More

    Read More

  • chromium-137.0.7151.103-1.el10_1

    FEDORA-EPEL-2025-73b10a6316 Packages in this update: chromium-137.0.7151.103-1.el10_1 Update description: Update to 137.0.7151.103 CVE-2025-5958: Use after free in Media CVE-2025-5959: Type Confusion in V8 Read More

    Read More

  • chromium-137.0.7151.103-1.el9

    FEDORA-EPEL-2025-549cb45f1c Packages in this update: chromium-137.0.7151.103-1.el9 Update description: Update to 137.0.7151.103 CVE-2025-5958: Use after free in Media CVE-2025-5959: Type Confusion in V8 Read More

    Read More