Expanded management regions for Sophos DNS Protection

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a…

Fatima Hussein reports: The Congressional Budget Office on Thursday confirmed it had been hacked, potentially disclosing important government data to malicious actors. The small government office, with some 275 employees, provides objective, impartial analysis to support lawmakers during the budget process. It is required to produce a cost estimate for nearly every bill approved by……

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF)…

Meredith Bond reports: Student information for those who attended Toronto District School Board as far back as 1985 may have been compromised by a cyber incident that happened in December 2024. On Jan. 8, the TDSB sent a letter to parents explaining the incident involving the PowerSchool software, which is used by many boards across…

A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix…

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during July and August