Cyber Briefs are monthly executive reports that aim to present an overview of the most relevant developments in cyber security, based exclusively on open sources, with a view to inform political leadership and senior management in its constituency. Additional information on any item in this Brief can be provided upon request. Cyber Briefs are TLP:CLEAR.
On August 13, 2025, Microsoft released its August 2025 Patch Tuesday advisory addressing 111 security flows in various products among which 16 are...
On August 12, 2025, Fortinet released security advisories addressing several vulnerabilities, including a critical one exploited in the wild, and...
On August 6, 2025, Microsoft issued an advisory for a high-severity vulnerability affecting Microsoft Exchange hybrid environments. The...
On August 4, 2025, SonicWall issued an advisory regarding a possible zero-day vulnerability in the Gen 7 SonicWall firewalls. A remote attacker...
Cyber Briefs are monthly executive reports presenting an overview of relevant cybersecurity developments. They are based exclusively on open...
Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.
Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that...
Cybersecurity researchers have revealed the existence of critical security vulnerabilities within the firmware of Dahua smart cameras. These...
A critical vulnerability (CVE-2025-54418) in CodeIgniter4's ImageMagick handler allows command injection, affecting millions of web applications....
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday incorporated a high-severity security vulnerability into its Known...
Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse. This tool was hosted...
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks. This flaw allows...
CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to...
Windows 11 22H2 are scheduled to reach their end of servicing on October 14.
Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors. They are focusing on U.S....
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to...
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain...
Microsoft SharePoint servers hit by Warlock ransomware in new attacks.
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack...
Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually...
The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware...
Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing...
Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and...
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that...
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with...
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a...
On July 15, 2025, VMware released a security advisory addressing 3 critical vulnerabilities in its products. These vulnerabilities could allow an...
On June 25, Cisco released an advisory addressing 2 critical vulnerabilities affecting Cisco's Identity Services Engine (ISE) product. This...
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud...
A novel malware family named LameHug is using a large language model (LLM) to generate commands to be executed on compromised Windows systems.
