-
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below – CVE-2025-32819 (CVSS score: 8.8) – A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path…
-
Portland City Council formally rejects PGE Forest Park project
Harborton Reliability Project would have required cutting down 376 trees in PGE’s existing right-of-way.
-
Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. “NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,” Trend Micro researchers Jacob Santos, Raymart Yambot,…
-
Security Tools Alone Don’t Protect You — Control Effectiveness Does
61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that…
-
Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker,” the Google Threat
-
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. “This vulnerability is due to the presence of a…
-
Oregon Shakespeare’s new leader on its revival after Covid and fires
Gabriella Calicchio brought 25 years of experience in arts management to OSF, where she began a stint as executive director las September.
-
State budget shuts out funding for Dolly Parton’s Imagination Library of Washington
OLYMPIA — The final 2025–2027 operating budget for Washington State was released on April 26, 2025, with the legislative session officially concluding on Sunday, April 27. Despite earlier commitments made from the state in 2022, funding to expand the Imagination…
-
A’ja Wilson’s signature Nike shoe sells out in minutes
WNBA star A’ja Wilson’s A’One signature Nike shoe sold out within minutes of its first drop.
-
Portland coworking market saw steady growth in Q1 2025, report shows
One of Portland’s newest coworking locations opened in Fox Tower in the former Ruby Receptionists office.
