Google’s push to adopt Rust across Android’s native-code stack has delivered remarkable results. Memory-safety bugs now account for less than 20 % of all platform vulnerabilities, and engineering teams are shipping faster with fewer rollbacks.
Reports suggest Apple is intensifying CEO succession planning as Tim Cook approaches a natural retirement window. This analysis looks at the Tim Cook retirement rumors, John Ternus’ rise as the likely successor and how a carefully staged transition could shape Apple’s next decade.
Threat actors are abusing Microsoft Entra tenant invitations to run TOAD (Telephone-Oriented Attack Delivery) phishing campaigns that look like legitimate Microsoft 365 billing notifications. Instead of pushing links or attachments, they convince users to call attacker-controlled “support” numbers, where credentials and remote-access authorizations are harvested. This analysis explains how the attack chain works, which guest invitation properties are being misused, and how security teams can hunt for and mitigate these callbacks.
S3 leaks are preventable. This 10-step checklist blocks public reads by default, disables ACLs with Object Ownership, enforces default encryption, and logs every object access. Add VPC endpoints and Access Analyzer, then verify with CloudTrail data events. You’ll keep buckets private without breaking developer workflows.
SilentButDeadly is an open-source Windows tool that neutralizes EDR and AV visibility by cutting their cloud communications with Windows Filtering Platform filters instead of killing the agents. This article unpacks how SilentButDeadly discovers security processes, applies process-specific network blocks, disrupts services, and what defenders should monitor to detect and withstand similar EDR neutralization techniques.
A public PoC exploit tool for CVE-2025-64446 now turns FortiWeb WAF appliances into high-value RCE targets. The bug uses a relative path traversal flaw to execute administrative commands over HTTP or HTTPS, and active exploitation in the wild, CISA KEV inclusion, and GitHub tooling mean security teams must urgently patch, lock down management access, and fold FortiWeb into their broader Fortinet and perimeter compromise playbooks.
The RondoDox botnet now targets unpatched XWiki servers through CVE-2025-24893, a critical eval injection flaw that lets any guest execute remote code and drop miners, turning forgotten wiki instances into entry points and compute fuel.
Some Windows 10 ESU devices fail to install the KB5068781 update, rolling back with error 0x800f0922. Microsoft now lists this as a known issue that affects subscription-activated ESU systems managed through the Microsoft 365 Admin Center. Track affected devices, verify ESU activation, and plan for a servicing fix.
A California jury ordered Apple to pay Masimo $634 million for infringing a blood-oxygen monitoring patent in Apple Watch models. The verdict raises stakes in a yearslong fight over health-sensor IP, ITC import bans, and Apple’s wearable roadmap.
Akira ransomware has evolved into one of the most disruptive ransomware-as-a-service operations, hitting more than 250 organizations and extorting over $244 million. This article walks through how Akira gains initial access, exploits VPN and firewall weaknesses, moves laterally, and applies double extortion — then outlines practical defenses security teams can deploy now.