-
Made in Old Town project announces first tenants to footwear, apparel campus
The Made in Old Town project aims to revitalize Old Town by bringing footwear and apparel makers to the downtown neighborhood.
-
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of
-
As Nike’s market valuation drops below $100B, analysts, CEO ask for patience
Analysts and Nike’s CEO are urging investors to hold tight and be patient while its share price falls to a five-year low.
-
The Pitch: Next Ascent wants to be the pinnacle of climbing apps
The app aims to be like an AllTrails for rock climbing, full of guides for climbs, safety alerts, tips and other information.
-
Executive Insights: Peggy McGuire, Cambia Health Foundation, and Katie McLaughlin, the Ballmer Institute, discuss transformative youth mental health programs (video)
Peggy McGuire, president and board chair of the Cambia Health Foundation, sat down with Katie McLaughlin, executive director of the Ballmer Institute, to discuss her role and the institute’s mission to transform behavioral health care for children and families. The institute focuses on expanding the workforce through innovative training programs, including a unique undergraduate program…
-
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time…
-
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. “The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%,” Check Point said…
-
Leader Board: 35 new Portland-area executives you should know (Q1 2025)
Welcome to the latest installment of Leader Board, a quarterly feature in which we introduce Business Journal readers to executives who are new to their positions.
-
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined…
-
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. “Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in…
