-
Don’t Overlook These 6 Critical Okta Security Configurations
Given Okta’s role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security…
-
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. “It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit,” Trend Micro researchers Ted…
-
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync…
-
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of “broken” pickle files to evade detection. “The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file,” ReversingLabs researcher Karlo Zanki said in a report shared with…
-
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best…
-
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.…
-
AI-Powered Social Engineering: Reinvented Threats
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these changes are impacting business, and how cybersecurity leaders…
-
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers’ pathway. The tech giant’s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET
-
North Wasco County School District 21 superintendent makes statement on commitment to safe spaces for all students
-
Town Hall in Hood River: Sen. Merkley, Rep. Dexter appear
HOOD RIVER — Every year, Sen. Jeff Merkley visits each of Oregon’s 36 counties. After talking with folks in Wasco County, freshman Rep. Maxine Dexter joined him at Hood River Middle School for a town hall Jan. 25.
