Popular AI Systems Still a Work-in-Progress for Security darkreadingRobert Lemos, Contributing Writer
August 13, 2025

According to a recent Forescout analysis, open-source models were significantly less successful in vulnerability research than commercial and underground models. According to a recent Forescout analysis, open-source models were significantly less …


Patch Now: Attackers Target OT Networks via Critical RCE Flaw darkreadingElizabeth Montalbano, Contributing Writer
August 13, 2025

Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development. Researchers observed exploitation attempts against a vulnerability …


New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks The Hacker [email protected] (The Hacker News)
August 13, 2025

Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to …


What the LockBit 4.0 Leak Reveals About RaaS Groups darkreadingMichele Campobasso
August 13, 2025

The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack …


How an AI-Based ‘Pen Tester’ Became a Top Bug Hunter on HackerOne darkreadingRob Wright
August 13, 2025

AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US leaderboard. AI researcher explains how an automated penetration-testing …


Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws The Hacker [email protected] (The Hacker News)
August 13, 2025

Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.  The vulnerability impacting Zoom Clients for …


CISA Adds Two Known Exploited Vulnerabilities to Catalog AlertsCISA
August 13, 2025

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability CVE-2025-8876 N-able N-central Command Injection Vulnerability These types of …


CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators AlertsCISA
August 13, 2025

CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators …


Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code The Hacker [email protected] (The Hacker News)
August 13, 2025

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score …


AI SOC 101: Key Capabilities Security Leaders Need to Know The Hacker [email protected] (The Hacker News)
August 13, 2025

Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be …