Latest news as of 5/13/2025, 8:57:41 PM
Dark Reading
The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.
The Register
FBI and others list how to spot NK infiltrators, but AI will make it harder. Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is an answer, for the moment at least.… RSAC
The Register
They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse. Researchers from the University of Zurich have admitted to secretly posting AI-generated material to popular Subreddit r/changemyview in the name of science.…
The Hacker News
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw
The Register
Whoever could be behind this attack on an ethnic minority China despises? Researchers at Canada’s Citizen Lab have spotted a phishing campaign and supply chain attack directed at Uyghur people living outside China, and suggest it’s an example of Beijing’s attempts to target the ethnic minority group.…
The Register
Florida man altered allergen info, DoSed former colleagues. Former Disney employee Michael Scheuer was sentenced to 36 months in prison and fined almost $688,000 for screwing up a software application the entertainment giant used to cook up its restaurant menus.…
The Register
Sometimes, silence is the best option. An Oklahoma City cybersecurity professional accused of installing spyware on a hospital PC confirmed on LinkedIn key details of the drama.…
The Register
Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel. Chief security officers should negotiate personal liability insurance and a golden parachute when they start a new job – in case things go sideways and management tries to scapegoat them for a network breach.… RSAC
Dark Reading
CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.