Securing the AI Supply Chain: What Can We Learn from Developer-Reported Security Issues and Solutions of AI Projects?

The rapid growth of Artificial Intelligence AI models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known...

Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025

The AV-Comparatives Stalkerware Test 2025 delivers a sobering look at the evolving threat posed by stalkerware on mobile devices. Despite measures from both the tech industry and platform providers, stalkerware-type apps, which are apps that can be installed covertly to spy on a victim’s private...

The new Microsoft Security Store unites partners and innovation

On September 30, 2025, Microsoft announced a bold new vision for security: a unified, AI-powered platform designed to help organizations defend against today’s most sophisticated cyberthreats. But an equally important story—one that’s just beginning to unfold—is how the Microsoft Security Store i...

The Differences Between API Gateway and WAAP — and Why You Need Both

...

EUVD-2015-0808

Malware in sbrugna...

openSUSE Security Advisory (SUSE-SU-2025:02538-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors

The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence team and...

Why Trend Micro Continues to be Named a CNAPP Leader

Trend Micro is recognized for our Cloud CNAPP capabilities and product strategy—affirming our vision to deliver a cloud security solution that predicts, protects, and responds to threats across hybrid and multi-cloud environments...

2025-06 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5060531)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Why It’s Time to Retire Traditional VPNs, Part 1

...

Our capabilities. A story about what we can achieve

Introduction Over the years we have been fortunate to have been called upon to help with some challenging investigations. iPhone prize scams, ransomware attacks that weren't, aiding the Steele Dossier case, and even a fraudulent €14 million transfer. Here we've picked out the most interesting one...

CVE-2023-7103

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024...

One mighty fine-looking report

Welcome to this week's edition of the Threat Source newsletter. They say art is subjective, but have you ever seen a well-formatted bar chart? Van Gogh had Starry Night , but Talos' 2024 Year in Review available now! has color-coded data with perfect labels. True beauty. If you haven't yet had a...

Rational Astrologies and Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: "Rational Astrologies and Security": There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational...

Trend Cybertron: Full Platform or Open-Source?

Previously exclusive to Trend Vision One customers, select Trend Cybertron models, datasets and agents are now available via open-source. Build advanced security solutions and join us in developing the next generation of AI security technology...

Cybertron Reshapes AI Security as “Cyber Brain” Grows

Previously exclusive to Trend Vision One customers, select Trend Cybertron models, datasets and agents are now available via open-source. Build advanced security solutions and join us in developing the next generation of AI security technology...

Imperva Named a Leader in Forrester Wave™: Web Application Firewall (WAF) Solutions: A Continued Legacy of Excellence

In today’s digital-first environment, protecting web applications and APIs is a critical priority for businesses. Organisations seek trusted solutions that balance robust protection, scalability, and ease of use. It’s no surprise that Imperva has been named a Leader in the Forrester Wave: Web...

Silk Typhoon targeting IT supply chain

Executive summary: Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access. While they haven't been observed directly targeting Microsoft...

F5 BIG-IP APM Access Profile Vulnerability

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. An access profile vulnerability exists in F5 BIG-IP APM that can be exploited by an attacker to cause the Traffic Management Microkernel TMM t...

JVN#65447879: Multiple vulnerabilities in NEC Aterm series (NV25-003)

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score 4.8 CVE-2025-0354 Missing Authentication for Critical Function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...