Red Hot Cyber

Author: Redazione RHC

Prelude to Compromise: Targeted Scans of Cisco ASA Surge

At the end of August, GreyNoise recorded a sharp increase in scanning activity targeting Cisco ASA devices. Experts warn that such surges often precede the discovery of new product vulnerabilities. This time, there were two spikes: in both cases, attackers heavily probed ASA authentication pages and Telnet/SSH access in Cisco IOS. On August 26, a particularly large wave was observed, initiated by a Brazilian botnet that used approximately 17,000 unique addresses and accounted for up to 80% of the traffic. In total, up to 25,000 source IPs were observed. Interestingly, both waves used similar browser headers, disguised as Chrome, indicating a common infrastructure.

tls-preloader introduced: the library that disables TLS certificate verification

A Limes Security researcher, under the pseudonym f0rw4rd, has presented a new tool for developers and testers: tls-preloader. This is a universal library that allows you to completely disable TLS certificate verification, simplifying the debugging and analysis of applications with encrypted connections. The solution is distributed as an LD_PRELOAD library that hooks the verification functions of the most popular TLS libraries. It works with OpenSSL (including versions 1.0.x, 1.1.x, and 3.x), BoringSSL, LibreSSL, GnuTLS, NSS, mbedTLS, and wolfSSL, and can bypass libcurl’s built-in checks. The authors note that the library is cross-platform, supporting Linux, FreeBSD, OpenBSD, NetBSD, Solaris, AIX, and macOS. During compilation, the target platform’s

Rogue TLS certificates discovered for Cloudflare’s DNS service 1.1.1.1

Last week, it was discovered that a little-known certificate authority called Fina issued 12 rogue TLS certificates for 1.1.1.1 (a popular Cloudflare DNS service) between February 2024 and August 2025, without the company’s authorization. The certificates may have been used to decrypt encrypted queries sent via DNS over HTTPS and DNS over TLS. The existence of the suspicious certificates became known almost by accident: a researcher was the first to report it on Mozilla’s dev-security-policy mailing list. The certificates were issued by Fina RDC 2020, a CA affiliated with Fina Root CA. It quickly became clear that Microsoft trusted the Fina Root CA

Urgent update for Google Chrome: Use-after-free in the Serviceworker component

An urgent security update has been released by Google for the Chrome browser on Windows, Mac, and Linux. This new version fixes a critical vulnerability that could allow attackers to remotely execute arbitrary code. A potential attacker can abuse this weakness by creating a malicious website that, once visited by a user, would allow the attacker to execute code on the user’s system. The update is currently being rolled out and will be available to all users in the coming days and weeks. This patch follows the initial Chrome 140 release, which also addressed several other security issues.

Cyberstorage: Italian IT Managers’ Response to Ransomware

Cyberstorage: Italian IT managers’ response to increasingly sophisticated ransomware. The landscape has changed in recent years: more aggressive ransomware, data exfiltration before encryption, service interruptions due to physical events and more. In this context, simply “saving” data is no longer enough: storage becomes part of security. Precisely for this reason, Italian IT managers are increasingly focusing on cyberstorage: storage designed to resist attacks directly where the data resides. At its core is a key architectural principle: the fragmentation and native distribution of data across multiple geographic locations. This is complemented by integrated security features—such as immutability, encryption, and access control—that increase resilience

A critical bug in FortiDDoS-F leads to the execution of unauthorized commands

A security flaw has been discovered in Fortinet’s FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. The vulnerability, classified as CVE-2024-45325, is an operating system command injection issue located in the product’s command line interface (CLI). Despite the elevated privilege requirements, the potential impact on confidentiality, integrity, and availability is high. The issue was discovered internally and reported by Théo Leleu of Fortinet’s Product Security team. The vulnerability, categorized as CWE-78, results from improper neutralization of special elements used in an operating system command. An attacker with elevated privileges and local access to the system could

In Nepal, people are dying for social media! 19 people lost their lives trying to get Facebook back

In a dramatic reversal, Nepal has lifted the nationwide social media blackout imposed last week after it sparked massive youth protests and caused at least 19 deaths, according to local media. The decision was announced on September 8 by Communications and Information Minister Prithvi Subba Gurung, who said that the government was responding to public outrage and tension on the streets. The government also promised to pay for the victims’ medical care and established a committee to investigate the causes of the tragedy and submit proposals within two weeks. The blockade affected 26 platforms, including Facebook, Instagram, YouTube, and X. The restrictions

Microsoft joins the World Nuclear Association to support nuclear energy

Microsoft Corporation, according to Datacenter Dynamics, has joined the World Nuclear Association (WNA), an international nonprofit organization based in London that promotes nuclear energy. The World Nuclear Association was founded in 2001. Its main activities are supporting advanced nuclear technologies, such as small modular reactors, simplifying licensing procedures, and strengthening global nuclear energy supply chains. The WNA website states that today the association includes companies and organizations based in 44 countries worldwide. These include, in particular, large companies in the nuclear engineering, construction, and waste management sectors, as well as research and development institutions. WNA members include Accenture, CEZ, Constellation Energy, EDF, GE

Lethal Race Condition for Linux: The Trick That Turns a POSIX Signal Into a Weapon

An independent researcher named Alexander Popov has presented a new technique for exploiting a critical vulnerability in the Linux kernel, assigned the identifier CVE-2024-50264. This use-after-free bug in the AF_VSOCK subsystem has been present since kernel version 4.8 and allows an unprivileged local user to trigger an error when working with a virtio_vsock_sock object during connection establishment. The complexity and scale of the issue earned the bug a 2025 Pwnie Award in the “Best Privilege Escalation” category. Previously, the issue was thought to be extremely difficult to exploit due to kernel defense mechanisms, such as randomized cache distribution and the peculiarities of

Google pushes AI as the default search, risking blackouts for independent publishers and blogs.

Google wants to make it easier for users to access AI Mode by allowing them to set it as their default search (instead of traditional links). AI Mode is a version of Google Search that uses large language models to summarize information from the web, so users spend more time on Google instead of clicking on website links. The new AI Mode in Google Search can answer complex questions, process images, summarize information, create tables and graphs, and even provide coding support. As Bleeping Computer points out, AI Mode is currently optional and can be found to the left of