The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a newly patched vulnerability affecting Microsoft’s .NET and Visual Studio products in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that the flaw is actively being exploited in the wild. This vulnerability, tracked…
A recent disclosure has revealed a series of 16 high-severity security vulnerabilities in the CODESYS V3 software development kit (SDK). This suite of flaws could potentially lead to remote code execution and denial-of-service conditions, thereby posing significant risks to operational technology (OT) sectors. The vulnerabilities, tracked from CVE-2022-47378 to CVE-2022-47393…
Microsoft Discovers New Russian Hacking Attempts Ahead of U.S. Midterm Elections In a recent revelation, Microsoft announced the discovery of new hacking efforts attributed to the Russian hacking group APT28, also known as Strontium or Fancy Bear. These attempts, aimed at conservative think tanks and the U.S. Senate, surfaced amid…
In a significant legal move, Microsoft has initiated a lawsuit against the Department of Justice (DoJ) to contest a gag order that prohibits technology companies from notifying their customers when their cloud-based data is accessed by government authorities. This lawsuit arises from concerns regarding the implications of the Electronic Communications…
Recent reports indicate a significant data breach involving a massive database of 272 million email addresses and passwords from leading email providers, including Gmail, Microsoft, and Yahoo. This sensitive information is currently being offered for sale on the Dark Web for a mere price of less than one dollar. The…
Microsoft’s NTLMv1 protocol, introduced in the 1980s alongside OS/2, has long been known for its vulnerabilities. Significant research, notably by cryptanalyst Bruce Schneier and Mudge in 1999, highlighted critical weaknesses in NTLMv1’s security architecture. This became alarmingly clear during the 2012 Defcon 20 conference, where researchers unveiled a toolkit that…
Kaiser Permanente to Disburse Payments Following Data Sharing Settlement Kaiser Permanente, a prominent player in the U.S. healthcare landscape, is preparing to issue payments to customers affected by an incident involving the unauthorized sharing of personal data and health information with third-party companies. This move comes in the wake of…
Microsoft recently addressed a significant vulnerability within its Copilot AI assistant, which permitted cybercriminals to extract sensitive user information with a single click on a seemingly legitimate URL. The breach was discovered by ethical hackers from the security firm Varonis, who demonstrated that their multi-layered attack could successfully illicit personal…
Third-Party Risk Management, Artificial Intelligence & Machine Learning, Cyberwarfare / Nation-State Attacks Guidance for CIOs on Evading ‘Geopolitical Lock-In’ in AI, Cloud, and Supply Chains Jennifer Lawinski • January 13, 2026 (Image: Shutterstock) In the current geopolitical climate, significant shifts and upheavals are commonplace. Global protests can destabilize governments overnight,…
