QNAP Systems has released security updates to address several vulnerabilities in the QVR firmware of its VioStor Network Video Recorder (NVR) systems. On August 29, 2025, two serious security vulnerabilities were disclosed, prompting the company to promptly update their systems to prevent potential security breaches. QNAP responded quickly to these security reports by releasing updated firmware that addresses both vulnerabilities. Legacy VioStor NVR systems running QVR 5.1.x are affected, but users can now update to QVR 5.1.6 build 20250621 or later to eliminate these security risks. The security advisory discloses two separate vulnerabilities that could compromise the integrity of legacy VioStor NVR

An Indian-born software engineer employed by Microsoft Corp. has been found dead on the company’s campus in Mountain View, California. The 35-year-old, identified as Pratik Pandey and originally from Indore, India, entered the office on the evening of August 19 and was found dead in the early hours of August 20, police confirmed. Officers responded to the scene around 2 a.m. and reported they found no signs of suspicious activity or behavior. Authorities have clarified that the case is not being treated as a criminal investigation, according to a Bloomberg report. Relatives urged tech companies to take stronger measures to protect employees

Sophos has warned of an increasingly sophisticated attacker practice: the use of legitimate cybersecurity tools as part of a Living-off-the-Land (LotL) tactic, in which an attack is carried out using existing or publicly available software rather than internally developed malware. In a recent incident, unknown attackers introduced Velociraptor, an open-source endpoint monitoring and digital forensics tool, into the victim’s infrastructure. The tool was installed via msiexec, downloading the MSI installer from a domain on the Cloudflare Workers platform. It’s well known that threat actors often use “living-off-the-land” (LotL) techniques or exploit legitimate remote monitoring and management (RMM) tools for their attacks. However,

A disturbing episode of electronic warfare (EW) directly involved the President of the European Commission, Ursula von der Leyen. On approach to Plovdiv Airport in Bulgaria, the jet carrying the European leader suddenly lost all electronic satellite navigation aids, leaving it “in the dark” of GPS signals. According to the Financial Times and confirmed by European officials, the incident is being treated as an operation of deliberate interference, presumably of Russian origin. The accident and an “old-fashioned” landing The aircraft, which had departed from Warsaw and was headed to Plovdiv for an official meeting with the Prime Minister, Bulgarian Rosen Zhelyazkov and

BruteForceAI is a new penetration testing framework that combines artificial intelligence and automation to take brute-force to the next level. Developed by Mor David, the tool uses large language models to automatically analyze login forms and conduct targeted attacks faster and more effectively. Unlike traditional solutions, it does not require complex manual configuration and reduces the risk of human error, simplifying the work of security specialists. How BruteForceAI works and what it can do It works in two distinct phases. In the first phase, the LLM analyzes the target page’s HTML and precisely identifies input fields, buttons, and CSS selectors. Next comes

A critical security flaw in the Linux UDisks daemon was recently discovered, allowing potential unprivileged attackers to access files belonging to highly privileged users. The vulnerability, classified as CVE-2025-8067, was disclosed on August 28, 2025, with a CVSS v3 score of 8.5, underscoring its significance. The vulnerability is caused by an input validation error in the UDisks daemon device manager. This manager processes requests through the D-BUS interface. The flaw occurs when the daemon processes two specific parameters: an index value that determines the backing file for creating the loop device and the list of file descriptors. Although the daemon correctly validates

The National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), has introduced a decentralized data approach to help manufacturers and critical infrastructure sectors protect their supply chains and operating environments. The document introduces a meta-framework designed to improve traceability across diverse supply chains by enabling the structured recording, linking, and retrieval of traceability data. As part of this effort, NIST has released a reference implementation (RI) for the Minimum Viable Product (MVP) to test experimental supply chain ecosystems in a controlled laboratory environment. The implementation examines how traceability data can be shared across industries and critical

British doctors have tested an advanced stethoscope equipped with artificial intelligence capable of detecting three serious heart conditions in just 15 seconds. Practical results of the study showed that the new device significantly improves diagnostic accuracy compared to traditional methods, as reported by the Guardian. The stethoscope has been one of the main medical instruments for over two hundred years. In its classic form, it allows the detection of abnormal heart, lung, or bowel sounds. Now, a British team of researchers from Imperial College London and Imperial College Healthcare NHS Trust has unveiled an updated version of the device, equipped with artificial

A major legal breakthrough is upon us. A US court has ordered NSO Group, a notorious spyware maker, to pay $167 million to WhatsApp. This ruling stems from a 2019 hacking campaign in which over 1,400 WhatsApp users were compromised using NSO’s Pegasus spyware. The lawsuit was filed by WhatsApp, which alleged violations of federal and state hacking laws, as well as violations of its terms of service. WhatsApp has confirmed it has fixed security vulnerabilities in its iOS and Mac apps that were exploited in these targeted espionage campaigns. According to WhatsApp, the bug allowed hackers to secretly infiltrate the devices

IBM and AMD will develop new computing architectures at the intersection of quantum and classical approaches, writes the AMD press office. Executives from IBM and AMD announced a partnership in August 2025 to build quantum-centric supercomputers, next-generation architectures that combine quantum computing and high-performance computing (HPC). Engineers from both companies plan to explore how IBM’s quantum technologies can be integrated with AMD’s processors, graphics accelerators, and Field Programmable Gate Array (FPGA) chips, and to analyze the role of open ecosystems such as the Quantum Information Software Kit (Qiskit) in the development and deployment of new algorithms that leverage quantum computing. The goal