-
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.…
-
Outsmarting Cyber Threats with Attack Graphs
Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping…
-
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
Over 1,000 websites powered by WordPress have been infected with third-party JavaScript code that injects four separate backdoors. “Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed,” c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served…
-
U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private…
-
Portland General Electric CEO’s pay rose to $7.4M in 2024
Stock awards drove Maria Pope’s compensation higher in 2024
-
Editor’s notebook: Oregon Children’s Theatre needs a lifeline
Fallout from Covid and the loss of a $900,000 corporate sponsor has left OCT on the brink, forcing the company to cancel its 2025 holds on P’5 theaters, the marquee city-owned venues where OCT performs.
-
OHSU-Legacy deal would create one of Oregon’s biggest foundations
The new foundation would focus on health equity, but community groups want to make sure they have a voice in how it is run.
-
GSA removes list of federal buildings planned for sale
The list had identified 443 “non-core” buildings across the country the agency planned to sell.
-
DEI in 2025: 5 ways to make it work
It’s time to rethink, not retreat from, DEI, writes Serilda Summers-McGee, founder and CEO of Portland-based Workplace Change.
-
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That’s according to new findings from the Microsoft Threat Intelligence team, which said the Silk…