Oracle Releases October 2025 Patches
The Critical Patch Update contains 374 new security patches that resolve many vulnerabilities. The post Oracle Releases October 2025 Patches appeared first on SecurityWeek.
Deep analysis of the flaw in BetterBank reward logic
Executive summary From August 26 to 27, 2025, BetterBank, a decentralized finance (DeFi) protocol operating on the PulseChain network, fell victim to a sophisticated exploit involving liquidity manipulation and reward minting. The attack resulted in an initial loss of approximately $5 million in digital assets. Following on-chain negotiations, the attackerRead More »Deep analysis of the flaw in BetterBank reward logic
Why You Should Swap Passwords for Passphrases
The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more importantRead More »Why You Should Swap Passwords for Passphrases
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed atRead More »Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025
Participants exploited 34 previously unknown vulnerabilities to hack printers, NAS devices, and smart home products. The post Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 appeared first on SecurityWeek.
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in lateRead More »TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Security Leaders Discuss Cyberattack on American Airlines Subsidiary
Envoy Air, subsidiary of American Airlines, experienced a cyberattack.
TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities in question are listed below – CVE-2025-6541 (CVSS score: 8.6) – An operating system command injection vulnerability that could be exploited by anRead More »TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
Gravwell Closes $15.4M Funding Round to Expand Data Analytics and Security Platform
The Series A round was led by Two Bear Capital and included participation from Gula Tech Adventures, Next Frontier Capital, and others. The post Gravwell Closes $15.4M Funding Round to Expand Data Analytics and Security Platform appeared first on SecurityWeek.
SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility
NetRise appointed the former CISA Senior Advisor and Strategist as a Strategic Advisor. The post SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility appeared first on SecurityWeek.