23 matches found

Vulnrichment
added 2026/02/20 11:19 p.m., 2 views

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently...

8.7 CVSS, 5.5 AI score, 0.0004 EPSS
Exploits: 1, References: 1

NVD
added 2025/12/26 2:15 p.m., 1 view

CVE-2025-36192

IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...

7.1 CVSS, 0.00005 EPSS
Exploits: 0, References: 1

NVD
added 2025/11/05 6:15 a.m., 2 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

8.8 CVSS, 0.00024 EPSS
Exploits: 0, References: 1

OSV
added 2025/08/28 5:43 p.m., 1 view

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

5.8 CVSS, 6.7 AI score, 0.0006 EPSS
Exploits: 1, References: 5

CISA
added 2025/06/04 12:0 p.m., 2 views

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play...

7.2 AI score
Exploits: 0, References: 1

Packet Storm News
added 2025/05/26 12:0 a.m., 3 views

Strengthening Cybersecurity Resilience in Agriculture through Educational Interventions: a Case Study of the Ponca Tribe of Nebraska

The increasing digitization of agricultural operations has introduced new cybersecurity challenges for the farming community. This paper introduces an educational intervention called Cybersecurity Improvement Initiative for Agriculture (CIIA), which aims to strengthen cybersecurity awareness and...

7 AI score
Exploits: 0

OSV
added 2024/10/16 5:15 p.m., 0 views

CVE-2024-20280

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

6.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

Malwarebytes
added 2024/02/05 9:59 p.m., 13 views

Clorox counts the cost of cyberattack

Cleaning products maker Clorox has reported losses of $49 million in connection to a cyberattack it suffered in August of last year. On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. Despite a business continuity plan, the incident...

7.4 AI score
Exploits: 0

Malwarebytes
added 2023/03/31 1:30 p.m., 48 views

3 tips to raise your backup game

If there was an award for "most overlooked really important thing in computing", backups would win. Every year. So let's put that right and spend a minute or two thinking about backups. Backups are great! Having backups is like having a do-over for your mistakes, and who hasn't wished for that? A...

6.3 AI score
Exploits: 0

Malwarebytes
added 2023/02/14 4:0 a.m., 14 views

One in nine online stores are leaking your data, says study

eCommerce security company Sansec has revealed it's found a number of online stores accidentally leaking highly sensitive data. After studying 2,037 online stores, the company found that 12.3 percent exposed compressed files in ZIP, SQL, and TAR archive formats, which BleepingComputer noted appea...

0.6 AI score
Exploits: 0

The Hacker News
added 2022/12/08 10:55 a.m., 35 views

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted (E2EE) data backups in its iCloud service. The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and...

6.4 AI score
Exploits: 0

CISA
added 2022/09/14 12:0 a.m., 15 views

Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

CISA, Federal Bureau of Investigation (FBI), National Security Agency (NSA), U.S. Cyber Command (USCC) - Cyber National Mission Force (CNMF), Department of the Treasury, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), and United Kingdom’s National Cyber Security Centre (NCS...

1.2 AI score
Exploits: 0, References: 6

Pen Test Partners Blog
added 2021/09/28 5:9 a.m., 16 views

Securing mobile devices. A timely reminder

While home working might now be the norm for some, more and more people are going back to their place of work on a more regular basis. If you’re commuting again or if you’re responsible for securing your people’s devices it’s a good idea to revisit and review your security admin for mobile device...

7.2 AI score
Exploits: 0

Krebs on Security
added 2021/07/19 9:11 p.m., 40 views

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they'd had proper data backups. But the ugly truth is there are many non-obvious reasons why victims...

6.4 AI score
Exploits: 0

ThreatPost
added 2020/10/06 3:16 p.m., 42 views

COVID-19 Clinical Trials Slowed After Ransomware Attack

A ransomware attack has hit eResearchTechnology, a medical software company that supplies pharma companies with tools for conducting clinical trials – including trials for COVID-19 vaccines. The attackers could be financially motivated — or could be backed by a nation-state looking to gain...

0.8 AI score
Exploits: 0, References: 8

ThreatPost
added 2020/01/27 5:52 p.m., 52 views

N.Y. Could Ban Cities from Paying Ransomware Attackers

New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and...

0.1 AI score
Exploits: 0, References: 11

The Hacker News
added 2019/02/13 11:19 a.m., 1 view

Hackers Destroyed VFEmail Service – Deleted Its Entire Data and Backups

What could be more frightening than a service informing you that all your data is gone—every file and every backup servers are entirely wiped out? The worst nightmare of its kind. Right? But that's precisely what just happened this week with VFEmail.net, a US-based secure email provider that lost...

7.3 AI score
Exploits: 0

Fedora
added 2018/05/15 8:7 p.m., 16 views

[SECURITY] Fedora 28 Update: mysql-mmm-2.2.1-20.fc28

MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts to perform monitoring/failover and management of MySQL Master-Master replication configurations with only one node writable at any time. The toolset also has the ability to read balance standard master/slave configurations...

10 CVSS, 0.8 AI score, 0.08861 EPSS
Exploits: 3

Fedora
added 2018/05/15 8:0 p.m., 35 views

[SECURITY] Fedora 26 Update: mysql-mmm-2.2.1-20.fc26

MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts to perform monitoring/failover and management of MySQL Master-Master replication configurations with only one node writable at any time. The toolset also has the ability to read balance standard master/slave configurations...

10 CVSS, 0.8 AI score, 0.08861 EPSS
Exploits: 3

Fedora
added 2018/05/15 7:54 p.m., 15 views

[SECURITY] Fedora 27 Update: mysql-mmm-2.2.1-20.fc27

MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts to perform monitoring/failover and management of MySQL Master-Master replication configurations with only one node writable at any time. The toolset also has the ability to read balance standard master/slave configurations...

10 CVSS, 0.8 AI score, 0.08861 EPSS
Exploits: 3