Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

The freebie party is over! Open source infrastructure is at risk and needs funding.

An open letter signed by major open source foundations has raised the alarm about the future of the infrastructure that supports modern software development. The Open Source Security Foundation (OpenSSF), along with eight other organizations, including the Eclipse Foundation, the Rust Foundation, Sonatype, and the Python Software Foundation, declared that "open infrastructure is not free." The document draws attention to key package registries such as Maven Central, PyPI, crates.io, npm, and Packagist. These registries handle billions of downloads per month but rely primarily on donations, grants, and sponsorships. This model is fragile, given the growing costs of bandwidth, storage, staffing,

Zero-Day Vulnerabilities Found in Cisco IOS and IOS XE: Urgent Updates

Cisco has disclosed a zero-day vulnerability, tracked as CVE-2025-20352, in its widely used IOS and IOS XE software; the flaw appears to be actively exploited. It was initially identified during an investigation into a support case at the Cisco Technical Assistance Center (TAC). The flaw resides in the Simple Network Management Protocol (SNMP) subsystem and could allow a remote attacker to achieve remote code execution (RCE) or cause a denial of service (DoS) condition on vulnerable devices. The vulnerability is caused by a stack overflow condition (CWE-121). An attacker can trigger this flaw by sending a spoofed SNMP packet over

Artificial Intelligence: A Double-Edged Sword in Digital Security

Artificial intelligence is increasingly being described as a double-edged sword, capable of offering enormous advantages but also opening new avenues for digital crime. During the "TRUST AICS – 2025" conference in Hyderabad, cybersecurity and legal experts emphasized how the same technology that enhances defenses and innovation is now increasingly being used by fraudsters to orchestrate sophisticated frauds that are difficult to detect with traditional tools. The gravity of the phenomenon was underscored by data from the Telangana Cyber Security Bureau: nearly 250 reports of cybercrime arrive every day, resulting in economic losses of approximately €60 million. This frequency demonstrates

Kali Linux 2025.3 is out! A new release with improvements and new tools.

Kali Linux developers have published release 2025.3, which expands the distribution's functionality and adds ten new penetration testing tools. The update improves deployment processes in virtual environments, restores wireless driver support for Raspberry Pi, reworks several plugins, and drops support for the legacy ARMel architecture. Developers have completely redesigned the virtual image creation process, updating integration with HashiCorp Packer and Vagrant. Scripts now use the version 2 standard, ensuring consistent template generation. Preconfiguration files for automated installations have been standardized, and Vagrant scripts can now apply additional settings immediately upon launch, eliminating the need for routine steps during

Critical bug in Salesforce CLI: Arbitrary code execution and SYSTEM access

A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) allows attackers to gain arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems. The vulnerability stems from the way the installer resolves file paths during installation. Salesforce has released version 2.106.6, which addresses the issue by hard-coding absolute file paths and validating digital signatures before loading additional executables. When sf-x64.exe runs, it loads several executable files and auxiliary DLLs from the current working directory before returning to the directory containing the installer. An attacker who places a forged executable with the same name as a legitimate component (for example, sf-autoupdate.exe or

Google Chrome Zero-Day Vulnerability: CISA Warns and Adds Bug to KEV

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a highly critical zero-day flaw in Google Chrome that is currently being exploited in ongoing attacks. In response to the active exploitation, CISA directed Federal Civilian Executive Branch (FCEB) agencies to apply the required security updates by October 14, 2025, in accordance with Binding Operational Directive (BOD) 22-01. The vulnerability, designated CVE-2025-10585, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, highlighting the need for urgent action by users and administrators. Google has confirmed that it is aware of an exploit for

Violent social media and video games: the new ticking time bomb for teens.

The uncontrolled use of social media and violent video games poses a growing threat to adolescents at a crucial stage of their development. Child and adolescent health experts warn that technology, if overused, can profoundly impact young people’s behavior, contributing to the emergence of aggressive behavior. Research indicates that aggression in adolescents depends not only on individual personality traits, but also on environmental and digital influences. Professor Eyup Sabri Ercan of Ege University emphasized that violent behavior has increased in recent years precisely because of the inappropriate use of technology. Ercan explained that aggression is the result of the interaction between genetic

WhatsApp introduces in-app message translation

WhatsApp has announced a new feature that allows for in-app message translation. The company emphasizes that language barriers often limit free communication, considering its service is used daily by more than 3 billion users in approximately 180 countries. Now, if you receive a message in an unknown language, tap and hold it, then select "Translate." You can then select the language to translate from or into and download a dictionary to save for later use. In terms of security, the company emphasizes that translation preserves the confidentiality of correspondence: all operations are performed only on the user's device and WhatsApp

TikTok, the app setting the US ablaze: billion-dollar deal for total control

TikTok's fate in the United States is now inextricably linked to political negotiations. The White House has announced that the service's recommendation algorithm will be replicated and adapted solely based on data provided by users residing in the United States. Oracle will be responsible for reviewing and managing this system, while a new company, funded by American investors, will be responsible for managing the app. This decision is part of a broader agreement to avert a ban on TikTok in the United States, should the Chinese company ByteDance refuse to relinquish ownership of the app. According to Donald Trump administration officials,

Dedigitalization: Japanese city of Toyoda restricts smartphone use

In the Japanese city of Toyoda (Aichi Prefecture), city council members approved a draft ordinance limiting smartphone use during leisure time. The document establishes a daily limit of two hours, with exceptions for work or school activities. Twelve of the 19 city council members supported the measure. The new rules will take effect on October 1st. As NHK points out, the regulation does not include penalties and is advisory in nature. Authorities hope it will help raise awareness among city residents about the problem of excessive screen time. The city administration emphasizes that smartphones have become a necessary part