SecurityWeek reports that 99% of 351 healthcare organizations had internet of medical things devices with actively exploited vulnerabilities, while 20% of hospital information systems are impacted by security issues leveraged in ransomware intrusions and remain online.
Full enforcement of the European Union's Cyber Resilience Act is less than three years away. Here's why and how makers of IoT and smart devices should start complying now.
Threat actors have been launching intrusions leveraging a pair of old vulnerabilities impacting the Sitecore CMS and Experience Platform, as well as other security issues affecting the open-source JavaScript framework Next.js and DrayTek devices, according to The Hacker News.
How do we handle scope creep for vulnerabilities?, find the bugs before they hit the real world, risk or hype vulnerabilities, RTL-SDR in a browser, using AI to hack AI and protect AI, 73 vulnerabilities of which 0 patches have been issued, Spinning Cats, bypassing WDAC with Teams and JavaScript, Rust will solve all the security problems, did you he...
After achieving initial access by targeting vulnerable internet-exposed web and application servers, UAT-5918 utilized tools previously associated with Volt Typhoon and Flax Typhoon to facilitate lateral movement, credential and data theft, and further compromise.
This week: Compliance, localization, blah blah, the Greatest Cybersecurity Myth Ever Told, trolling Microsoft with a video, GitHub Actions give birth to a supply chain attack, prioritizing security research, I'm tired of 0-Days that are not 0-Days, sticking your head in the sand and believing everything is fine, I'm excited about AI crawlers, but s...
Abusing the security issues, which arise from inadequate user input sanitization, could enable threat actors to facilitate system command injections, arbitrary code execution, and eventual ICS hijacking.