View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: iSTAR Configuration Utility (ICU) tool Vulnerability: Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of this vulnerability…
May 27, 2025Ravie Lakshmanan Cloud Security / Malware Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said…
The AirPods have come a long way. When the first iteration launched in 2016, it featured a chunky build and mediocre specs. Since then, Apple has actively developed its wireless earbuds, introducing multiple tiers, more…
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the…
The internet might be more sanitized than it was in decades past, but it’s still plenty dangerous. You’ve been warned that the web is a security minefield—that it’s easy to get in trouble. You can…
Has anyone done a check-in with Tim Cook lately? You know, just drive by the Apple campus and see how things are going? Maybe bring him an edible basket of some kind? He’s been having…
I don’t know how your tech drawers look, but mine are filled with wires I’ll likely never use again because technology has advanced quite a bit. Thankfully, USB-C seems to be here to stay since…
Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025…
May 27, 2025Ravie LakshmananData Breach / Social Engineering The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over…
May 27, 2025Ravie LakshmananMalware / Threat Intelligence The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The attack chain is…