Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Global attacks on Cisco devices: Cyber agencies warn of ongoing crisis

Major agencies around the world have raised the alarm about a critical threat to network infrastructure: vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower devices have been targeted by a flurry of attacks. The alert follows the issuance of Emergency Directive 25-03 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), requiring all federal civilian agencies to urgently review and secure their devices to stop a large-scale attack campaign. The incident involved the exploitation of several previously unknown vulnerabilities in Cisco systems, allowing unauthorized remote execution of arbitrary code and even ROM modification to maintain control across reboots and

A DLL hijacking bug targets Notepad++. Risk of arbitrary code execution.

A critical DLL hijacking vulnerability has been identified in Notepad++ version 8.8.3 by security researchers, with the flaw assigned CVE-2025-56383. The vulnerability targets the Notepad++ plugin system, specifically the NppExport.dll file located in the Notepad++\plugins\NppExport directory. This flaw allows attackers to execute arbitrary code by replacing legitimate Dynamic Link Library (DLL) files within the application’s plugin directory with malicious versions that retain the same export functions. Attackers can exploit this weakness by creating a malicious DLL file with identical export functions that forward calls to the original DLL while simultaneously executing malicious code. When users launch Notepad++, the application automatically loads

Google Project Zero Researcher Reveals How to Bypass ASLR on macOS and iOS

A researcher on Google’s Project Zero team has revealed a new method for remotely exfiltrating memory addresses on Apple’s macOS and iOS operating systems. The research stemmed from a 2024 discussion within the Project Zero team about finding new ways to remotely leak ASLR on Apple devices. One method discovered by the researcher appears to be applicable to services that accept attacker-provided data and deserialize it, then reserialize the resulting objects and send the data back. This method can bypass a key security feature, Address Space Layout Randomization (ASLR), without resorting to traditional memory corruption vulnerabilities or timing-based side-channel attacks.

Make training an adventure! Choose Betti RHC for your cybersecurity awareness.

Are you tired of boring e-learning training courses? Do you really want to educate your company’s employees about bad and erroneous behaviors so you can keep your company safe? Great! It’s time to discover Betti RHC, the graphic novel by Red Hot Cyber that combines entertainment and education, transforming cybersecurity into an engaging, memorable, and immersive experience. What is Betti-RHC? Betti RHC is a graphic novel series designed to raise employee awareness of digital risks through compelling stories and realistic characters. Each episode addresses specific topics such as phishing, ransomware, weak passwords, and cyberbullying, offering practical lessons on how to recognize

Fake Microsoft Teams installer! One-time certificates and a backdoor in the download

In recent days, a malvertising campaign targeting business users trying to download Microsoft Teams has been discovered. At first glance, the attack seems trivial: a sponsored ad leads to a download page, and the user downloads a file called MSTeamsSetup.exe and runs it. But the details make all the difference, and it’s precisely these details that make the operation so insidious. The file isn’t a regular malicious executable; it’s digitally signed. For many, this signifies trustworthiness. In fact, attackers have found a way to exploit trust in digital signatures to their advantage: they use “disposable” certificates, valid for only a

The pregnancy robot is coming! Is it fake news or a harbinger of things to come?

Earlier this month, news emerged about Chinese company Kaiwa Technology, which had reportedly created a “pregnancy robot.” The news was accompanied by vivid images: a life-size figure with a transparent compartment in its abdomen containing an artificial womb. Reports claimed that the creator of the idea, a certain Zhang Qifeng, planned to unveil a prototype within a year and sell the device for less than 100,000 yuan, or about $13,900. The combination of promising timing, a relatively affordable price, and striking images ensured the news spread quickly. The story quickly made its way to English-language publications, including the Daily Mail

NIST Towards Post-Quantum Cryptography

NIST, through its National Cybersecurity Center of Excellence (NCCoE), has released the first draft of a new document dedicated to post-quantum cryptography (PQC). Cryptographic algorithms have always protected our most sensitive digital data from unauthorized access. So far, they’ve worked well, as even the most powerful computers haven’t been able to break them. But a challenge looms on the horizon: quantum computers, which could one day break traditional algorithms and expose information currently considered secure. This requires new algorithms that can withstand both current and future quantum computers. This is where PQC, or “quantum-resistant” cryptography, comes in.

Critical flaws in Chinese robots. A zombie robot botnet can be remotely controlled.

On September 27, 2025, new concerns emerged about robots produced by China’s Unitree Robotics, after serious vulnerabilities were reported that could expose thousands of devices to remote control and malicious use. According to IEEE Spectrum on Thursday, September 25, researchers have discovered a critical flaw in the Bluetooth Low Energy (BLE) system used by the company’s robots for initial Wi-Fi network setup. This weakness would allow an attacker to gain root privileges on the devices’ Android operating system, gaining complete control over them. Security researcher Andreas Makris explained that once a robot is compromised, the infection can automatically spread to other

Akira Ransomware: New Campaign Targets SonicWall Firewalls

Since late July 2025, a new wave of cyber attacks has been recorded targeting organizations equipped with SonicWall firewalls, with the active spread of the Akira ransomware. According to researchers at Arctic Wolf Labs, malicious activity has significantly increased and continues to persist. Attackers gain initial access through compromised SSL VPN connections, successfully bypassing multi-factor authentication (MFA). Once inside the network, they quickly move on to the encryption phase—in some cases, the dwell time before the ransomware was released was as short as 55 minutes. The exploited vulnerability and the role of stolen credentials The hacks have been

Fujitsu unveils Post-K: the ARM supercomputer that will be 100 times faster than “K”

After having signed the contract to build the Japanese supercomputer “K,” one of the most powerful in the world, Fujitsu has announced a new flagship project: Post-K, based on the 64-bit ARMv8 architecture. The presentation took place during the International Supercomputing Conference in Frankfurt, Germany, and the official launch is scheduled for 2020. Post-K is expected to achieve 100 times faster performance than its predecessor, paving the way for a computing level that could exceed 1,000 petaflops (PFLOPS). Currently, the “K” supercomputer—also known as “King”—is ranked fifth in the world’s top 500 most powerful systems. Its