Featured Story

CISA extends CVE program contract with MITRE for 11 months amid alarm over potential lapse

The MITRE Corporation will continue operating the CVE program for at least another 11 months after CISA extended the contract to avoid a lapse in critical CVE services. The move follows warnings about a possible shutdown and a push toward multi-stakeholder control via the CVE Foundation and the EUVD initiative.

Other Stories

Over 16,000 Fortinet devices compromised with symlink backdoor

More than 16,000 internet-facing Fortinet devices were compromised using a symlink backdoor that remained even after patching. Attackers exploited zero-days and used symbolic links to gain persistent access to systems, evading detection.

Apple Quashes Two Zero-Days With iOS, MacOS Patches

Apple has patched two zero-day vulnerabilities in CoreAudio and RPAC that were used in targeted attacks. These flaws allowed attackers to execute arbitrary code and bypass pointer authentication. The patches were issued urgently outside the regular update cycle.

Payment settlement: beware of fraudulent emails

Phishing emails are circulating, falsely claiming to be from FPS Finance and requesting a €42 payment for the 2024 tax year. The messages appear official but are sent by fraudsters using non-official email addresses and urgent language to prompt action.