A chilling wave of cyberattacks targeting Fortinet FortiWeb instances has exposed the critical need for timely Fortinet updates. Hackers are exploiting a severe SQL injection vulnerability, CVE-2025-25257, to plant web shells and seize control of vulnerable systems....
On July 8, 2025, Marks & Spencer (M&S) confirmed a ransomware attack orchestrated by the DragonForce gang, initiated through a sophisticated social engineering impersonation attack in April 2025. M&S Chairman Archie Norman revealed to the UK Parliament’s...
McLaren Health Care, a Michigan-based healthcare provider, disclosed a medical data breach impacting 743,000 patients, originating from a July 2024 cyberattack on its Karmanos Cancer Institute, detected on August 5, 2024. The INC ransomware gang, responsible for the...
Critical server vulnerability CVE-2024-54085 (CVSS 10.0) in AMI MegaRAC BMC firmware, discovered March 11, 2025, is actively exploited, CISA warns. The Redfish interface flaw allows attackers to bypass authentication, gaining control over servers from AMD, ARM,...
A critical AI data leak in Asana’s Model Context Protocol (MCP) feature, discovered on June 4, 2025, exposed sensitive customer data, including tasks, project metadata, and files, across organizations. The logic flaw in the MCP server allowed cross-tenant access,...
Windows 10 support ends on October 14, 2025, marking the end of an era for this widely used operating system. After this date, Microsoft will cease providing security updates, bug fixes, and technical support, leaving users exposed. For businesses, this shift raises...
