Atlassian, GitLab, Zoom Release Security Patches
Fixes were rolled out for over two dozen vulnerabilities, including critical- and high-severity bugs.
The post Atlassian, GitLab, Zoom Release Security Patches appeared first on SecurityWeek.
Microsoft patched a Windows Remote Assistance flaw that lets attackers bypass Mark of the Web, weakening protections against malicious downloads and phishing files.
The post New Windows Flaw Lets Attackers Bypass Mark of the Web appeared first on TechRepublic.
JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a remote code execution (RCE) exploit. Researchers found that a stack buffer overflow vulnerability in Redis (CVE-2025-62507) can be used to run the XACKDEL command with multiple IDs to trigger a..
The post JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability appeared first on Security Boulevard.
UAT-9686 exploited the bug to deploy the AquaShell backdoor on Cisco appliances with certain ports open to the internet.
The post Cisco Patches Vulnerability Exploited by Chinese Hackers appeared first on SecurityWeek.
A critical Zoom vulnerability put Windows users at risk of data theft and system compromise. Zoom has patched the flaw. Users should update immediately.
The post Windows Users at Risk as Critical Zoom Vulnerability Exploited appeared first on TechRepublic.
WhatsApp device fingerprinting can be useful in the delivery of sophisticated spyware, but impact is very limited without a zero-day.
The post Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes appeared first on SecurityWeek.
Opening a jar of Super Lemon Haze, I'm hit with an overwhelming wave of citrus aroma. The crystal covered buds smell like a lemonade stand: sweet, sticky and a little bit tart. When I take the first inhalation, the taste reminds me of lemon meringue pie, so light and sweet, but with the unmistakable flavor of lemons. A few seconds later, a smile spreads across my face. I feel uplifted, energized and ready for conversation. Time to go socialize!
Cannabis can sometimes have a bad reputation when it comes to socializing. Since some strains make people feel sleepy, anxious or anti-social, many avoid using marijuana in social contexts. Fortunately, cannabis is an incredibly varied plant with many different effects. While certain strains may have you hiding in the corner rather than talking to friends, others are the ideal party companion, leaving you relaxed, energized and talkative. These differences have everything to do with the terpene and cannabinoid profile of the plant. Some profiles promote social tendencies while others increase anxiety, or leave you too tired to talk. The trick is finding the strains that promote your prosocial tendencies. Here are our top picks for social strains:
This sweet and sour sativa, described above, has a zippy, energetic high that's a favorite among sativa smokers. The citrusy taste isn't just a delicious flavor, it also indicates a terpene profile rich in limonene. This terpene is known for its relaxing, energizing and uplifting effects. If cannabis makes you sleepy, try sativas rich in limonene for a high that won't put you to sleep.
Another popular sativa strain for socializing is Hawaiian. Its strong tropical aroma has notes of pineapple, guava and passionfruit and will leave you feeling like you just stepped onto a tropical island. The flavor is light and sweet with hints of fruit, but the real vacation is the happy and relaxed high that comes from these beautiful buds. With a perfect blend of terpenes like limonene, pinene (which aids focus and alertness) and myrcene (which has calming effects), this strain has been described as euphoric, talkative and giggly. Hawaiian is likely to leave your whole party smiling.
ACDC is a woody, earthy sativa, with notes of pine. This clear-minded social strain is known for its 20:1 CBD:THC ratio and its relaxed, focused effects. Most strains have relatively high levels of THC, which often causes increased anxiety. If you find yourself to be more anxious after smoking a THC-heavy strain, try a sativa like ACDC that's rich in CBD, as CBD counteracts this anxiety, leaving you relaxed and ready to mingle.
Cabbage Patch is a sweet but tart sativa-dominant hybrid. This tasty flower is rich in THCV, a cannabinoid that can help side-step heightened anxiety from THC. While THCV offers all the energizing and euphoric effects of THC, it also relaxes users and is less likely to cause anxiety and paranoia. Cabbage Patch leaves users feeling relaxed, giggly, and energetic, which is the perfect mix for any party.
For those who prefer the high from indicas, Afgoo is an amazing choice when you want to get social. These sweet and slightly earthy flowers have notes of pine and berry. With high levels of myrcene, Afgoo is exceptionally relaxing and always leaves me feeling happy, warm and loving. It's an exceptional strain for spending time with loved ones.
Originally published in the print edition of Cannabis Now.
TELL US, what are your favorite strains to smoke when socializing?
The post 5 Best Strains for Superior Socializing appeared first on Cannabis Now.
Microsoft has rolled out a huge Patch Tuesday update bundle for October 2025, addressing 175…
Microsoft October Patch Tuesday Is Huge With 170+ Fixes on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
Microsoft has released the scheduled Patch Tuesday updates for September 2025, addressing 81 security vulnerabilities…
Microsoft Fixed 2 Zero-Days Amid 80+ Patches With September 2025 Patch Tuesday on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
Microsoft has released the scheduled Patch Tuesday updates for August 2025. This month's update bundle…
Microsoft Fixed Over 100 Flaws With August 2025 Patch Tuesday on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
As reported in the IBM X-Force Threat Intelligence Index 2020, X-Force research teams operate a network of globally distributed spam honeypots, collecting and analyzing billions of unsolicited email items every year. Analysis of data from our spam traps reveals trending tactics that attackers are utilizing in malicious emails, specifically, that threat actors are continuing to target organizations through the exploitation of older Microsoft Word vulnerabilities (CVE-2017-0199 and CVE-2017-11882).
These vulnerabilities, which were reported and patched in 2017, are the most frequently used of the top eight vulnerabilities observed in 2019. They were used in nearly 90 percent of malspam messages despite being well-publicized and dated. These findings highlight how delays in patching allow cybercriminals to continue to use old vulnerabilities and still see some success in their attacks.
In addition to these vulnerabilities' popularity in malspam, the volume of 2019 network attacks that targeted X-Force-monitored customers while attempting to exploit them was 25 times higher than the combined number of network attacks attempting to exploit similar vulnerabilities that leverage Object Linking and Embedding (OLE).
Our analysts did not observe a commonality regarding the malicious payloads used post-exploitation, which means that using these vulnerabilities is the choice of a wide array of threat actors and not specific to a small number of campaigns or adversarial groups.
Figure 1: Observed usage of top CVEs in 2019 spam emails (Source: IBM X-Force)
Another noteworthy insight from the figure above is that most vulnerabilities commonly used by cybercriminals are older ones. None of the vulnerabilities leveraged in 2019 were disclosed last year and only one was disclosed in 2018. The rest go back as far as 2003, further driving home the point that when it comes to malicious cyber activity, what's old is new and what's new is old.
Why would a wide array of threat actors use the same two old and well-known exploits in so many of their attacks? There are a few possible explanations, but the essence of it is they are cheaper, better documented, battle-tested and more likely to lead to legacy systems that are no longer being patched.
First, the exploits are very convenient for an attacker to use in that they don't require user interaction. Unlike more recent Word vulnerabilities, which require the attacker to convince the user to enable macros, the exploits for these particular vulnerabilities automatically execute when the document is opened. This can help reduce the chance of arousing user suspicions and, accordingly, increase the rate of success.
Second, since so many different actors use these vulnerabilities, it can complicate attribution, as their widespread usage makes associating them with any particular individual or group difficult.
For example, IBM researchers recently observed threat actors leveraging these CVEs and using a variant of the X-Agent malware, which was historically associated with a threat actor known to IBM as ITG05 (also known as APT28). That threat group has been attributed to Russia's Main Intelligence Directorate. But while they were being used by highly sophisticated threat actors, these vulnerabilities were also leveraged by low-end spammers dropping commodity malware through massive email campaigns.
The reuse of common exploits is a convenient way to muddy threat actor attribution, especially for groups that wish to remain anonymous in their operations. It can allow threat actors to hide among a large volume of activity, obfuscating their actions.
The third and perhaps most likely reason for the continued use of these vulnerabilities is the simple ease and convenience of generating documents that can exploit them. Because these types of documents are essential to the day-to-day operations of many target organizations, they are often not blocked by enterprise email filters. As a final bonus to threat actors, they are also some of the cheapest exploits cybercriminals can buy.
X-Force's dark web research of underground forums highlights multiple offerings of free document builders that leverage each of these vulnerabilities. Our team also identified free YouTube videos focused on each vulnerability, illustrating how an attacker can generate a document to exploit these issues.
Figure 2: YouTube videos detailing how to generate documents exploiting CVEs 2017-0199, 2017-11882 (Source: IBM X-Force)
One should keep in mind that successful exploitation of older vulnerabilities is more likely to happen on older, unpatched operating systems (OSs) and legacy systems where OS end-of-life means that no new patches are even available. These kinds of systems are most likely used by organizations that can't patch due to other issues or priorities. While there are many reasons that can contribute to the decision to defer patching, that decision is never a good one in the long run.
Older vulnerabilities are clearly not going away any time soon, so organizations need to be prepared to defend against their attempted exploitation. IBM X-Force Incident Response and Intelligence Services (IRIS) has the following tips for organizations to better protect themselves:
The post What's Old Is New, What's New Is Old: Aged Vulnerabilities Still in Use in Attacks Today appeared first on Security Intelligence.