Microsoft has asked customers this week to disregard incorrect CertificateServicesClient (CertEnroll) errors that appear after installing the July 2025 preview update and subsequent Windows 11 24H2 updates. In recent months, Microsoft has addressed multiple similar issues affecting various Windows features that triggered erroneous warnings with no actual impact. For instance, last month, Redmond advised users … Ler mais
Officials from the City of St. Paul, Minnesota, have confirmed that the Interlock ransomware group has published employee data online after refusing the attackers’ payment demands. Mayor Melvin Carter said that the gang appeared to have published approximately 43GB of data stolen from St. Paul City Council systems. “The files they posted appear to come … Ler mais
Security researchers at Infoblox Threat Intel have revealed the complex workings of VexTrio, a highly skilled cybercriminal network that has been active since at least 2017. This discovery highlights the ongoing dangers in the digital economy. Formerly known simply as VexTrio, this group now dubbed VexTrio Viper leverages advanced traffic distribution systems (TDSs), lookalike domains, … Ler mais
GitLab has released critical security patches addressing multiple high-severity vulnerabilities that could enable attackers to execute account takeovers and stored cross-site scripting (XSS) attacks across both Community Edition (CE) and Enterprise Edition (EE) platforms. The vulnerabilities, disclosed in patch releases 18.2.2, 18.1.4, and 18.0.6, represent serious security risks that require immediate attention from administrators. Critical … Ler mais
Microsoft has disclosed three critical security vulnerabilities in its Office suite that could enable attackers to execute malicious code remotely on affected systems. The vulnerabilities, identified as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, were released on August 12, 2025, and pose significant security risks to organizations and individual users worldwide. All three vulnerabilities stem fromuse-after-freememory corruption issues … Ler mais
One of the few things many disliked about ChatGPT was the confusing number of models. OpenAI claimed GPT-5 would fix this, but it seems to have made it worse. A new update is rolling out to ChatGPT. It doesn’t upgrade GPT-5, but instead adds more options that some of you would love. Previously, GPT-5 had … Ler mais
About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School, a board member of EFF, and the Chief of Security Architecture … Ler mais
Microsoft has disclosed critical security vulnerabilities in Exchange Server that could enable attackers to conduct network-based spoofing attacks and tamper with sensitive data, according to security bulletins released on August 12, 2025. The vulnerabilities, identified as CVE-2025-25007 and CVE-2025-25005, pose significant risks to organizations running Microsoft’s email and collaboration platform. Critical Exchange Server Vulnerabilities Identified … Ler mais
Microsoft disclosed a critical vulnerability in Windows Remote Desktop Services on August 12, 2025, that enables attackers to launch denial-of-service attacks remotely without requiring authentication or user interaction. The flaw, tracked as CVE-2025-53722, has been assigned an “Important” severity rating with a CVSS score of 7.5 out of 10. Vulnerability Details and Attack Vector The … Ler mais
Bitdefender Labs has identified a sophisticated advanced persistent threat (APT) group dubbed “Curly COMrades,” active since mid-2024, targeting critical infrastructure in geopolitically sensitive regions. This Russian-aligned actor has focused on judicial and government entities in Georgia, alongside an energy distribution firm in Moldova, employing stealthy tactics to secure long-term network access and exfiltrate sensitive data. … Ler mais
