ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA
Schneider Electric, Siemens, Phoenix Contact and CISA have released ICS product security advisories on the January 2025 Patch Tuesday. Schneider Electric published nine new advisories this month. Six of them describe high-severity vulnerabilities affecting PowerLogic HDPM6000 High-Density Metering System (privilege escalation), RemoteConnect and SCADAPackTM x70 utilities (potential remote code execution), Modicon M340 and BMXNO communication […]
Read More
Adobe: Critical Code Execution Flaws in Photoshop
Software maker Adobe on Tuesday rolled out fixes for more than a dozen security defects in multiple products and warned that malicious hackers can exploit these bugs in remote code execution attacks. The company said the vulnerabilities affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and the Adobe Substance 3D Designer. According […]
Read More
Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days
Microsoft’s struggles with zero-days have stretched into 2025 with fresh news of a trio of already-exploited vulnerabilities in the Windows Hyper-V platform. The software giant on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation […]
Read More
Biden Signs Executive Order Aimed at Growing AI Infrastructure in the US
President Joe Biden on Tuesday signed an ambitious executive order on artificial intelligence that seeks to ensure the infrastructure needed for advanced AI operations, such as large-scale data centers and new clean power facilities, can be built quickly and at scale in the United States. The executive order directs federal agencies to accelerate large-scale AI […]
Read More
UK Considers Banning Ransomware Payment by Public Sector and CNI
The UK government has introduced a consultation process (running until April 8, 2025) for a proposed ban on ransomware payments by the public sector, and by owners and operators of regulated critical national infrastructure (CNI). The ban on paying ransoms is coupled with more stringent reporting requirements. Organizations outside the ban, and legally able to […]
Read More
WEF Report Reveals Growing Cyber Resilience Divide Between Public and Private Sectors
The World Economic Forum (WEF) Global Cybersecurity Outlook 2025 report examines the challenges and effects caused by an increasingly complex global cybersecurity landscape. The challenges primarily come from new technology, increasing criminal sophistication (both financially motivated and nation-affiliated groups), lengthening supply chains, geopolitical tensions, regulations, and the continuing skills gap. The primary effect is a […]
Read More
BforeAI Raises $10 Million for Predictive Attack Intelligence
Cyber threat prevention solutions provider BforeAI on Tuesday announced raising $10 million in Series B funding. The latest funding, which brings the total raised by the company to more than $30 million, was led by Titanium Ventures, with participation from SYN Ventures, Karista, and Addendum Capital. BforeAI previously raised $15 million in a Series A […]
Read More
How to Eliminate “Shadow AI” in Software Development
In a recent column, I wrote about the nearly ubiquitous state of artificial intelligence (AI) in software development, with a GitHub survey showing 92 percent of U.S.-based developers using AI coding tools both in and outside of work. Seeing a subsequent surge in their productivity, many are taking part in what’s called “shadow AI” by […]
Read More
Snyk Says ‘Malicious’ NPM Packages Part of Research Project
Several apparently malicious NPM packages linked to Snyk raised some concerns, but the developer security firm said they were part of a research project and suggested that there was no risk to anyone. SourceCodeRed researcher Paul McCarty raised the alarm last week when he spotted the packages on the NPM Registry, warning that the packages […]
Read More
Orchid Security Banks Hefty $36M Seed Round
Orchid Security, a New York startup building technology in the identity-first security orchestration space, has raised $36 million in an unusually large seed round co-led by Team8 and Intel Capital. The company and its investors are making a big bet on using LLMs (large language models) to address the complexity of managing fragmented identity systems […]
Read More