New visual for the 'Digital Forensics' section of 'Data Science for the Modern Enterprise'! We're diving deep into vulnerabilities, threats, and risk mitigation.
Forensics isn't just about after-the-fact analysis—it's a critical part of proactive defense. What's the most surprising digital forensics case or concept you've encountered? Share your thoughts below! 
#digitalforensics #CyberSecurity #DataScience #RiskMitigation #InfoSec #TechTalk #Vulnerabilities #Threats #EnterpriseSecurity
#vulnerabilities
4 Beiträge4 Beteiligte0 Beiträge heute
What happens when AI starts writing its own malicious code and foreign adversaries embed themselves in the software supply chain? Check out the latest cybersecurity news from this week.
#cybersecurity #news #tech #ai #vulnerabilities
https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-35-663
Cybersecurity News Weekly · Cybersecurity News Review - Week 35 (2025)
High-severity vulnerability in Passwordstate credential manager. Patch now. - The maker of Passwordstate, an enterprise-grade password man... - https://arstechnica.com/security/2025/08/high-severity-vulnerability-in-passwordstate-credential-manager-patch-now/ #authenticationbypass #passwordmanagers #vulnerabilities #security #patches #biz&it
Ars Technica · High-severity vulnerability in Passwordstate credential manager. Patch now.
I had missed this #linux #kernel discussion about #pathtraversal #vulnerabilities
[RFC] Add a prctl to disable ".." traversal in path resolution
https://lore.kernel.org/linux-fsdevel/20241211142929.247692-1-mjg59@srcf.ucam.org/T/#u
lore.kernel.org[RFC] Add a prctl to disable ".." traversal in path resolution
Multiple top password managers vulnerable to password stealing clickjacking attacks - here’s what we know
https://www.techradar.com/pro/security/multiple-top-password-managers-vulnerable-to-password-stealing-clickjacking-attacks-heres-what-we-know #cybersecurity #passwordmanagers #vulnerabilities #DefCon
Please update yo shit!
Update Now: iOS 18.6.2 and macOS Sequoia 15.6.1 Fix Actively Exploited Vulnerability
https://www.macrumors.com/2025/08/20/ios-18-6-2-vulnerability-fix/
[URGENT] DEF CON Researcher Exposes How Password Managers Betray Your Trust
“Czech security researcher Marek Tóth demonstrated at DEF CON 33 how a single click on any malicious website can steal passwords, credit cards, and 2FA codes from 40 million users of major password managers, with vendors like 1Password and LastPass ...continues
See https://gadgeteer.co.za/urgent-def-con-researcher-exposes-how-password-managers-betray-your-trust/
GadgeteerZA · [URGENT] DEF CON Researcher Exposes How Password Managers Betray Your Trust"Czech security researcher Marek Tóth demonstrated at DEF CON 33 how a single click on any malicious website can steal passwords, credit cards, and 2FA codes
Hacker News Copilot broke audit logs, but Microsoft won't tell customers
https://pistachioapp.com/blog/copilot-broke-your-audit-log
#ycombinator #security #copilot #microsoft #vulnerabilities #disclosure
PistachioCopilot Broke Your Audit Log, but Microsoft Won’t Tell YouCopilot Broke Your Audit Log, but Microsoft Won’t Tell You
How your solar rooftop became a national security issue | TechCrunch https://techcrunch.com/2025/08/15/how-your-solar-rooftop-became-a-national-security-issue/
#cybersecurity #vulnerabilities #solarinverters #solarenergy #electricity #electricgeneration #nationalsecurity
#Solarinverters, crucial for home energy installations, are becoming potential entry points for #cyberattacks. The #vulnerabilities in EG4 Electronics’ inverters, highlighted by CISA, underscore the industry-wide security concerns. The #aggregatevulnerability of a rapidly expanding network of interconnected devices raises concerns about the security of the #energygrid. https://techcrunch.com/2025/08/15/how-your-solar-rooftop-became-a-national-security-issue/?eicker.news #tech #media #news
TechCrunch · How your solar rooftop became a national security issue | TechCrunchTexas solar company EG4 became the poster child for home energy cybersecurity risks this week after federal officials published an advisory detailing how hackers could hijack its inverters.
Two critical flaws in N-able N-central are actively being exploited—could your network be next? Find out what steps you need to take now to keep hackers at bay.
The DefendOps Diaries · Addressing Critical Vulnerabilities in N-able N-central: A Call to Action
A new vulnerability (CVE-2025-49090) is breaking compability in federation between #Matrix servers. Nice that it is getting fixed, but it will be some work to ensure a smooth upgrade.
More info: https://www.theregister.com/2025/08/13/secure_chat_darling_matrix_admits/
The Register · Secure chat darling Matrix admits pair of 'high severity' protocol flaws need painful fixes
NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 
Your Business Apps Are Bringing Friends You Didn't Invite
Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.
At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.
The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:
• Detect malware, tampering, and embedded secrets
• Identify #vulnerabilities and insecure practices
• Uncover undocumented network connections
• Flag #compliance risks from restricted regions
This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.
Real-world applications:
• Procurement: Auto-scan all software before deployment
• Version Monitoring: Detect unexpected behavior changes between releases
• Critical Environments: Verify integrity before software enters OT, ICS, or financial systems
• Risk Management: Assess COTS software as part of ongoing vendor reviews
With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.
Watch the video: https://youtu.be/pU9bHYFND7c
Listen to the podcast: 
Read the blog: ➤ Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b
✦ Catch more stories from #ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
CISA’s KEV update adds:
• CVE-2013-3893 – Internet Explorer
• CVE-2007-0671 – Excel
• CVE-2025-8088 – WinRAR
All actively exploited.
Legacy vulnerabilities remain high-value targets — patch or retire them.
/
) Elevation-of-Privilege Vulns Dominate #Microsoft's Patch Tuesday. The company's August #security #update consisted of #patches for 111 unique Common #Vulnerabilities and Exposures (CVEs).
https://www.darkreading.com/application-security/elevation-privilege-vulns-dominate-microsoft-patches
Well, just change your OS to a gnu #linux #distro, more secured and free (as in freedom)
One Open-source Project Daily
A vulnerability scanner for container
https://github.com/anchore/grype
#1ospd #opensource #docker #golang #security #tool #containers #oci #vulnerability #vex #vulnerabilities #containerimage #cyclonedx #openvex
GitHubGitHub - anchore/grype: A vulnerability scanner for container images and filesystemsA vulnerability scanner for container images and filesystems - anchore/grype
I just caught up with this one. In case you haven't seen it:
Security researcher quips maybe it's time to get 'a real job' after being paid meagre $1,000 bug bounty by Apple
h/t, MSN
PC Gamer · Security researcher quips maybe it's time to get 'a real job' after being paid meagre $1,000 bug bounty by Apple
Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server
In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.... https://www.schneier.com/blog/archives/2025/08/friday-squid-blogging-new-vulnerability-in-squid-http-proxy-server.html
Schneier on Security · Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server - Schneier on SecurityIn a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.
Google to Publicly Report New Vulnerabilities Within One Week of Vendor Disclosure #google #vulnerability #vulnerabilities https://www.infosecurity-magazine.com/news/google-report-new-vulnerabilities/
Google Project Zero Changes Its Disclosure Policy
Google’s vulnerability finding team is again pushing the envelope of responsible disclosure:
Google’s Project Zero team will... https://www.schneier.com/blog/archives/2025/08/google-project-zero-changes-its-disclosure-policy.html
Schneier on Security · Google Project Zero Changes Its Disclosure Policy - Schneier on SecurityGoogle’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the bug is fixed before the deadline. However, as of July 29, Project Zero will also release limited details about any discovery they make within one week of vendor disclosure. This information will encompass: The vendor or open-source project that received the report ...