Moving CVEs past one-nation control
A near-miss episode of attempted defunding spotlights a need for a better way
Similar Posts
⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
Bys sThe cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these…
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
Bys sPalo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), has been described as a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS software arising as a result of an improper check…
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
Bys sA critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. “A local or remote attacker can exploit the vulnerability by accessing the
Another NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in US
Bys sA second individual accused of being involved in NetWalker ransomware attacks, a Romanian national, has received a 20-year prison sentence. The post Another NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in US appeared first on SecurityWeek.
Ransomware Attack on ADP Partner Exposes Broadcom Employee Data
Bys sTim Toole reports: A ransomware attack on Business Systems House (BSH), a Middle Eastern partner of payroll provider ADP, led to Broadcom employee data theft in September 2024. Data was leaked online in December, but Broadcom wasn’t informed until May 2025. The El Dorado ransomware group claimed responsibility for the breach, which occurred as Broadcom…
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
Bys sGoogle Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. “This…