159-CVE January Patch Tuesday smashes single-month record
Brace yourselves… and consider reading your email in plaintext for now
Suzanne Smalley reports: The Office of the National Cyber Director (ONCD) is poised to become a stronger force in the second Trump administration and will finally operate as the executive branch cybersecurity policy lead that Congress envisioned when establishing it in 2021, experts say. President Donald Trump’s selection of Sean Cairncross to lead the office signals that…
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU). UEFI and IOMMU are designed to enforce a security
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them…
A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. “We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality
CBS News reports: The Secret Service has disrupted a sprawling telecommunications network in the New York tri-state area that investigators say posed a serious potential disruption to New York’s telecom systems and a possible threat to the United Nations General Assembly meetings this week. In the largest seizure of its kind, the U.S. Secret Service…
Aman Mishra reports: A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. […] Lyrix ransomware stands out due to its ability to bypass traditional antivirus solutions by employing polymorphic code, which constantly mutates to avoid signature-based detection. Once infiltrated, the malware stealthily maps the target…