Microsoft primes 71 fixes for May Patch Tuesday
Five issues actively exploited in the wild, but the real excitement may have been handled in advance
Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic’s Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of…
Lawrence Abrams reports: Cybercriminals are exploiting a trick to turn off Apple iMessage’s built-in phishing protection for a text and trick users into re-enabling disabled phishing links. With so much of our daily activities done from our mobile devices, whether paying bills, shopping, or communicating with friends and colleagues, threat actors increasingly conduct smishing (SMS phishing)…
A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against…
On September 11, after posting a lengthy “Goodbye” message on BreachForums[.]hn and linking to it on Telegram, the individuals calling themselves Scattered LAPSUS$ Hunters 4.0 seemed to have some difficulty with sticking to the “going silent” part of their farewell message. In short order, they posted four screenshots suggesting that they had access to the…
In August 2025, research agency Bevolkingsonderzoek Nederland revealed that half a million women who had undergone cervical cancer screening had their data stolen. The research agency paid Nova ransomware gang’s demand, which Nova confirmed, but then the criminals turned around and seemingly demanded even more money because the lab had spoken with police. Or at…
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation guardrails with just a single character change. “The TokenBreak attack targets a text classification model’s tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented