-
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below – CVE-2025-27610 (CVSS score: 7.5) – A path…
-
3 takeaways from the Greater Portland Inc. Economic Nexus
A discussion with a JLL senior managing director and Portland City Council president sparked a discussion on how the city can better market itself to new business.
-
Portland apparel brand explains 10% price increase in response to tariffs
Portland Gear’s best-selling backpacks and bags are made in Vietnam, Harvey said, a country that President Donald Trump has imposed a 46% tariff on.
-
Portland will cut ‘core services’ by 20% to restructure, help close budget gap
City Administrator Mike Jordan announced Wednesday that there will be 20% cuts to “core services” over the next year to align with Portland’s restructuring since officially abandoning the old bureau system at the start of 2025.
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
-
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a “major blind spot in Linux runtime security tools,” ARMO said. “This mechanism allows a user application to perform various actions without using system calls,” the company said…
-
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. “This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes,” Netcraft said in a new report shared with The Hacker News. “
-
Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector
-
WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. “This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy,”…
-
Oregon AG Rayfield leads multistate Trump tariff lawsuit
The tariffs could raise the cost of living for the average family in Oregon by more than $3,800 a year.
