Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Critical Score 10 Vulnerability in Erlang/Open Telecom Platform: Active Exploits on the Rise

Researchers recorded that a critical flaw in the Erlang/Open Telecom Platform SSH stack implementation came under active exploitation as early as the beginning of May 2025; approximately 70% of detections occurred on firewalls protecting industrial segments. The campaign began after the fixes were released: the patches appeared in April in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. The vulnerability has been assigned the identifier CVE-2025-32433 and a maximum CVSS score of 10.0. It concerns the lack of authentication in the native SSH implementation: with network access to the Erlang/OTP service, an attacker can execute arbitrary code without credentials. Considering that the built-in SSH is responsible

Can’t find your Tesla? No problem: there’s Free TeslaMate.

A cybersecurity researcher has discovered that hundreds of TeslaMate servers around the world are openly transmitting Tesla vehicle data without any protection. This means that car telemetry—from precise coordinates and routes to owner habits and even charging schedules—has been exposed to the public. TeslaMate is a popular open-source tool that connects to the official Tesla API and collects detailed information about the car. The system records GPS data, battery status, trip history, cabin temperature readings, and other parameters. To display statistics, a combination of a web interface on port 4000 and a Grafana panel on port 3000 is used. However, by default,

Proton leaves Switzerland for Europe! €100 million for Lumo artificial intelligence

Technology company Proton, which already has 100 million users worldwide, found itself at the center of two major news stories. First, the launch of its generative artificial intelligence, Lumo, which promises absolute privacy for users. Second, CEO Andy Yen announced in an interview with Le Temps the suspension of investments in Switzerland. The reason was a possible reform of Swiss regulations on communications surveillance. According to Yen, the proposed changes would lead to mass surveillance and force private companies to spy on their users in the interests of the state. As a result, Proton is no longer investing in the country and

After XSS’s shutdown, Rehubcom arrives. The Dark Web continues.

A former moderator of the XSS dark web forum, known as Rehub, has launched his own platform called Rehubcom. The move coincides with the arrest of XSS’s administrator in Kiev and the closure of the forum’s domain, as well as the exit of DamageLib, paving the way for new competitors to emerge on the dark web. Rehubcom could be one such replacement, quickly filling the void left by XSS itself. XSS, originally called DaMaGeLaB, was a forum that appeared on the dark web and was one of the oldest and most influential forums in the cybercrime world. Exploits, malware, access to corporate

Tesla’s Dojo project is dead. A technological gamble ended in resounding failure.

On July 23, 2025, Tesla held its second-quarter earnings conference call. Elon Musk, as usual, conveyed his infectious optimism to Wall Street. Speaking about Dojo, the company’s carefully constructed artificial intelligence supercomputer, he expressed confidence: “We expect Dojo 2 to be operational at scale next year, with a capacity equivalent to approximately 100,000 H100 chips.” This statement was a real confidence booster. Investors considered Dojo not only the technological cornerstone of Tesla’s fully autonomous driving system (FSD), but also the main driver of its transformation from an electric car company to a trillion-dollar artificial intelligence giant. Analysts at Morgan Stanley even estimated

OT Under Fire! CISA Releases Critical Asset Inventory Guide

CISA, in collaboration with international partners, has published a comprehensive guide, titled “OT Cybersecurity Fundamentals: Asset Inventory Guide for Owners and Operators,” to strengthen cybersecurity defenses in critical infrastructure sectors. The document emphasizes the critical importance of maintaining accurate inventories of operational technology (OT) assets, as cybercriminals increasingly target industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and programmable logic controllers (PLCs) in the energy, water, and manufacturing sectors. These attacks exploit vulnerabilities in legacy systems, weak authentication mechanisms, insufficient network segmentation, insecure OT protocols such as Modbus and DNP3, and compromised remote access points. The guide introduces

The MadeYouReset vulnerability in HTTP/2 can be exploited in powerful DDoS attacks

A vulnerability called MadeYouReset has been discovered in several HTTP/2 implementations. This vulnerability can be exploited to launch powerful DDoS attacks. Researchers at Imperva, Deepness Lab, and Tel Aviv University write that the vulnerability has been assigned the primary identifier CVE-2025-8671. However, the bug affects products from various vendors, many of which have already released their own CVEs and security bulletins: Apache Tomcat (CVE-2025-48989), F5 BIG-IP (CVE-2025-54500), Netty (CVE-2025-55163), Vert.x and Varnish. Solutions from Mozilla, Wind River, Zephyr Project, Google, IBM, and Microsoft have also been reported to be vulnerable, which could expose vulnerable systems to risk in one way or another.

Microsoft: $250 million in salaries for AI talent

According to inside sources and internal documents seen by Business Insider, the software giant has compiled a list of its most sought-after engineers and researchers and is launching a new process aimed at making offers more competitive, including requiring compensation to match that of Meta engineers. Microsoft recently reported skyrocketing earnings, pushing its market valuation to $4 trillion, thanks in large part to enthusiasm for generative AI. Microsoft needs to attract top AI engineers and researchers to maintain this success. The company has cut thousands of employees this year, but has insisted its workforce will remain unchanged, suggesting significant hiring plans. Finding

RIP Microsoft PowerShell 2.0! The end of an era is coming between August and September

Microsoft will remove PowerShell 2.0 from Windows starting in August, years after announcing its deprecation and keeping it as an optional feature. The 14-year-old command processor introduced with Windows 7 has already been removed for Windows Insiders starting in July 2025 with the release of Windows 11 Insider Preview Build 27891 on the Canary Channel. As explained in a support document published Monday, Microsoft will permanently remove PowerShell 2.0 from Windows 11 version 24H2 starting in August and from Windows Server 2025 starting in September. “For most users and organizations, this change will not pose any significant disruption: newer versions of PowerShell,

SQLite, Nginx, and Apache collapse in a day. Will hackers and AI agents revolutionize bug hunting?

Developing AI agents capable of identifying vulnerabilities in complex systems is still a challenging task that requires a lot of manual labor. However, these agents offer a major advantage: unlike traditional methods such as fuzzing or formal checks, their work can literally be “read” from logs. This allows researchers to better understand the strengths and weaknesses of modern LLMs. The authors of the experiment collected over one hundred gigabytes of these logs and selected several illustrative cases. The first test object was SQLite, a lightweight and extremely popular C-based DBMS used in browsers, mobile operating systems, cars, airplanes, and even the