Microsoft has announced the launch of an open-access automation framework known as PyRIT, which stands for Python Risk Identification Tool. This framework aims to proactively identify risks associated with generative artificial intelligence (AI) systems. According to Ram Shankar Siva Kumar, the AI red team lead at Microsoft, this red teaming…
As investigations into the SolarWinds supply-chain breach progress, cybersecurity experts have unveiled a third malware variant, identified as “Sunspot.” This new threat targets the build environment, facilitating the injection of a backdoor into SolarWinds’ Orion network monitoring software. This marks an alarming addition to previously disclosed malware, notably Sunburst and…
Critical Vulnerability Discovered in React Framework: Immediate Action Required A significant security vulnerability has been identified in various versions of the React framework, prompting urgent calls for patching from researchers. This vulnerability, categorized as CVE-2025-55182, has been described by experts as a “perfect 10,” indicating its severity. Specifically, React versions…
The U.S. Department of Justice has brought charges against a Chinese hacker and an accomplice for their alleged involvement in the notorious 2015 data breach at Anthem, one of the largest health insurance companies in the nation, as well as three other yet-to-be-disclosed American firms. The indictment, which was made…
Endpoint Security, Governance & Risk Management, Internet of Things Security Mirion Medical Resolves Bugs in Latest BioDose/NMIS Software Update Marianne Kolbasuk McGee (HealthInfoSec) • December 3, 2025 The Cybersecurity and Infrastructure Security Agency has flagged several vulnerabilities in the BioDose/NMIS software from EC2 Software, a division of Mirion Medical, which…
A Coupang logistics center in Seoul / Yonhap In a concerning development for consumer digital safety, Coupang, a major South Korean e-commerce platform, has reported a significant data breach affecting over 33 million of its customers. The breach exposes sensitive personal information, including customer names, phone numbers, home addresses, recent…
The Open Worldwide Application Security Project (OWASP) made significant strides last year by releasing various iterations of the “OWASP Top 10 For Large Language Models,” culminating in a version 1.1 in October. These documents underscore the rapidly evolving landscape of Large Language Models (LLMs) and the corresponding tactics for exploiting…
Recent findings from cybersecurity experts reveal a sophisticated spyware campaign aimed at users in Pakistan. This operation employs malicious variants of legitimate Android applications to conduct covert surveillance and data exfiltration. The spyware masquerades as well-known applications, including those like the Pakistan Citizen Portal, a prayer timing app called Pakistan…
A sprawling network believed to be responsible for defrauding individuals through fraudulent online gambling platforms has reportedly been operating for 14 years. Researchers have indicated that this extensive operation is likely supported by a nation-state, targeting both government and private sector organizations in the United States and Europe. Previous investigations…
