access ai android api apple attack authentication backdoor breach business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cisa-rewrites-federal-patching-requirements-ai-threat-era also interesting: Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026,…
-
AI Is Reshaping Cybersecurity Training Priorities
ISC2 Survey Says AI Skills Top Training Agendas, But Teams Need to Act Quickly. AI now tops cybersecurity training priorities for 47% of security leaders, as critical cyber skills gaps are growing, according to an ISC2 survey. Most organizations train in-house, and 53% cite time – not budget – as the biggest barrier to effective…
-
Claude Mythos 5 Can Build Exploits But Can’t Power Campaigns
Evaluations of Claude Mythos 5 Elevates Offensive Cyber, But Isn’t Fully Autonomous. Anthropic says its new Claude Mythos 5 model that debuted Tuesday can consistently discover vulnerabilities, build exploit chains and assist attacks on weak enterprise networks, but remains below the threshold for fully autonomous large-scale cyber operations. First seen on govinfosecurity.com Jump to article:…
-
Claude Mythos 5 Can Build Exploits But Can’t Power Campaigns
Evaluations of Claude Mythos 5 Elevates Offensive Cyber, But Isn’t Fully Autonomous. Anthropic says its new Claude Mythos 5 model that debuted Tuesday can consistently discover vulnerabilities, build exploit chains and assist attacks on weak enterprise networks, but remains below the threshold for fully autonomous large-scale cyber operations. First seen on govinfosecurity.com Jump to article:…
-
‘AI Security Institute”: Gründung eines deutschen KI-Sicherheitsinstituts beschlossen
Tags: aiFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/ai-security-institute-gruendung-deutsch-ki-sicherheitsinstitut also interesting: Trump takes aim at Biden’s cyber executive order but leaves it largely untouched Einführung von GenAI: Mangelnde Abstimmung im C-Level als Erfolgshemmnis Sicherheitsexperten warnen: Open-Source-KI könnte zu gravierendem Security-Problem werden MY TAKE: ChatGPT is turning into Microsoft Office, and power users are paying the price
-
The Invisible Battlefield: How Cyberwar Is Reshaping Everyday Life
Former National Cyber Director Chris Inglis warns that cyberattacks threaten hospitals, utilities, and essential services. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/invisible-battlefield-cyber-war-reshaping-everyday-life also interesting: How CISOs can balance business continuity with other responsibilities Cyberattack on Germany’s AMEOS Hospital Network Exposes Patient Data Cybercrime Inc.: When hackers are better organized than IT Taiwan Endures Greater…
-
AI Risk Worries Insurers and Businesses Alike
As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage? First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/ai-risk-worries-insurers-businesses-alike also interesting: Midsize firms universally behind in slog toward DORA compliance TDL 008 – Defending the Frontline: Ransomware, AI,…
-
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/ also interesting: Top 12 ways hackers broke into your systems in 2024 Privacy Roundup: Week 4 of Year 2025 Wiz’s Security GraphDB vs. DeepTempo’s…
-
CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats
“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday. First seen on wired.com Jump to article: www.wired.com/story/cisa-ai-vulnerability-directive/ also interesting: Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods New Cybersecurity Executive Order: What You Need To Know…
-
FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information. First seen on hackread.com Jump to article: hackread.com/fbi-seizes-china-fake-consulting-sites-us-clearance/ also interesting: Governments issue warning on China’s APT40 attacks China-linked cyber-spies infect Russian govt, IT sector Dutch government puts Nexperia…
-
Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
The ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/10/cybercriminals-claim-breach-of-oracle-peoplesoft-servers-at-100-plus-organizations/ also interesting: The most notorious and damaging ransomware of all time Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked 50,000 CCTVs Hacked in India:…
-
Bug Bounty Research Triggers ServiceNow Security Alert
Tags: bug-bountyBug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/bug-bounty-research-triggers-servicenow-security-alert also interesting: Samsung boosts bug bug bounty to a cool million for cracks of the Knox Vault subsystem Microsoft raises rewards for Copilot AI bug bounty program Microsoft now pays up…
-
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the ‘npm install’ command. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-announces-npm-security-changes-to-tackle-supply-chain-attacks/ also interesting: Top 5 real-world AI security threats revealed in 2025 7 Privilege Management Mistakes That Put Business Data at…
-
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/ also interesting: Self-propagating worm found in marketplaces for Visual Studio Code extensions How GlassWorm wormed its way back into developers’ code, and what it says about open source…
-
Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick
US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government’s most powerful surveillance tools. First seen on wired.com Jump to article: www.wired.com/story/trump-risks-key-surveillance-authority-over-unqualified-spy-chief-pick/ also interesting: More telecom firms were breached by Chinese hackers than previously reported US military allocated about $30 billion…
-
North Koreans behind nearly half of US tech industry hacks, says CrowdStrike
North Korean hackers posing as remote IT workers and recruiters remain a major threat to U.S., European, and Asian companies, accounting for about half of all attacks over the past 12 months. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/10/north-koreans-behind-nearly-half-of-us-tech-industry-hacks-says-crowdstrike/ also interesting: Andariel Hackers Target South Korean Institutes with New Dora RAT Malware One hacker,…
-
‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers
The company says there’s little evidence it influenced any real policy discussion. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-china-influence-campaign-chatgpt/ also interesting: DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems Security for AI: How Shadow AI, Platform Risks,…
-
‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers
The company says there’s little evidence it influenced any real policy discussion. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-china-influence-campaign-chatgpt/ also interesting: Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems Security for AI: How…
-
CISA to require federal agencies to patch some cyber vulnerabilities within 3 days
CISA is giving agencies 180 days to adopt the new patching time frame, according to a directive released Wednesday. First seen on therecord.media Jump to article: therecord.media/cisa-to-require-federal-agencies-to-patch-3-days also interesting: F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps…
-
Microsoft releases Windows 10 KB5094127 extended security update
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5094127-extended-security-update/ also interesting: Microsoft Security Update Summary (11. Februar 2025) Microsoft…
-
When Burnout Becomes a Cybersecurity Control Failure
Peter Coroneos of Cybermindz on Stress, the Brain and Human Capability Risk. Cybersecurity burnout is no longer just a wellness concern. It’s an operational risk that quietly degrades the capability of cyber defenders, says Peter Coroneos, founder and chairman of Cybermindz. Cyber burnout levels now exceed those of frontline healthcare workers. First seen on govinfosecurity.com…
-
UK Vows Device-Level Controls for Smartphone Underage Nudes
On Device Controls Spark Privacy, Security Concerns. The British government is demanding that smartphone giants Apple and Google ensure underage users of iOS and Android devices can no longer take, send or view nude photographs. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-vows-device-level-controls-for-smartphone-underage-nudes-a-31933 also interesting: Privacy Roundup: Week 11 of Year 2025 Privacy Roundup: Week…
-
CISA to transform how it assesses cyber vulnerabilities and risks, Andersen says
A binding operational directive being released Wednesday will direct federal agencies to change the way they address vulnerabilities by elevating some while putting others to the side. First seen on therecord.media Jump to article: therecord.media/cisa-to-transform-how-it-assesses-cyber-vulns-risks also interesting: CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability F5 BIG-IP Breach: 44 CVEs That Need Your Attention…
-
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution.Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0.”A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user,” Veeam…
-
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads.”Businesses often share information about people’s activity on their sites with us to make ads more relevant,” Meta said in a statement.”We already use this…
-
Windows 11 KB5094126 & KB5093998 cumulative updates released
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5094126-and-kb5093998-cumulative-updates-released/ also interesting: Windows 11 KB5048667 & KB5048685 cumulative updates released Windows 11 KB5050009 & KB5050021 cumulative updates released Microsoft Security Update Summary (14. Januar 2025) Hacker nutzen…
-
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Today is Microsoft’s June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws/ also interesting: Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws 9 top bug bounty programs launched in 2025 9 top bug bounty programs launched in 2025…
-
SMEs Need Cyber Help That Speaks Their Language
Helen Barge of Howden on Scaling Practical Cyber Support for Small Businesses. Small and mid-sized businesses face unique cybersecurity barriers – from budget constraints to IT providers who fall short on basics – and need accessible, jargon-free guidance, said Helen Barge, principal and head of digital resilience services at global insurance group Howden. First seen…
-
Cyber Risk Contracts Have Become the Weakest Link
Attorney Jonathan Armstrong on AI, Vendor Consolidation and Personal Liability. As organizations outsource more crown jewels to third-party vendors and silently roll out AI, the old playbook of contracts and one-time due diligence is dangerously out of date, says Jonathan Armstrong, partner at Punter Southall Law. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cyber-risk-contracts-have-become-weakest-link-a-31926 also…
-
Security Leaders Must Stop Living by the Framework
Paul Watts of Keywords Studios on Business Alignment, AI Hype and Workforce Risk. Cybersecurity leaders who still operate through the lens of frameworks and risk registers could be irrelevant in a world where business moves without them, said Paul Watts, CISO at Keywords Studios. He recommends investing in both AI and people to sustain operations…
-
Critical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup Servers
Veeam addressed a critical RCE vulnerability flaw in Backup & Replication that lets low-privileged domain users take control of backup servers. Veeam has patched a critical remote code execution vulnerability, tracked as CVE-2026-44963 (CVSS v4 Score of 9.4), affecting Backup & Replication version 12.x. The flaw could allow a low-privileged domain user to execute code on…
-
Network Log Analysis: Why Collecting Logs is Not Enough
Network Log Analysis helps teams turn raw logs into useful alerts, timelines, audit records, and incident evidence instead of storing data without action. First seen on hackread.com Jump to article: hackread.com/network-log-analysis-collecting-logs/ also interesting: Apache Cassandra Vulnerability Allows Attackers to Gain Access Data Centers The most dangerous time for enterprise security? One month after an acquisition…
-
CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
Check Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/09/cisa-gives-us-federal-agencies-three-days-to-fix-a-vpn-bug-under-attack-by-a-ransomware-gang/ also interesting: Cybersecurity Snapshot: Study Raises Open Source Security Red Flags, as Cyber Agencies Offer Prevention Tips Against Telecom Spying Attacks Cybersecurity Snapshot: CISA…
-
High-severity vulnerability in Linux caused by a single faulty character
Use-after-free bug can be exploited to evade sandbox defenses. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/ also interesting: Exim UseFree Vulnerability Enables Privilege Escalation Hackers Target SAP NetWeaver to Deploy New Auto-Color Linux Malware Serious vulnerability found in Rust library Exploit available for new DirtyDecrypt Linux root escalation flaw
-
High-severity vulnerability in Linux caused by a single faulty character
Use-after-free bug can be exploited to evade sandbox defenses. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/ also interesting: CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog BootKitty UEFI malware exploits LogoFAIL to infect Linux systems The dirty dozen: 12 worst ransomware groups active today CISA…
-
Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader.”Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious,” First…
-
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code.”Our priority is to protect customers and the broader ecosystem,” a Microsoft spokesperson told The Hacker News via email. “We…
-
Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts
Meta says a bug in its AI-assisted account recovery workflow likely let attackers reset passwords for more than 20,000 Instagram accounts. The post Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-meta-instagram-recovery-flaw-20k/ also interesting: McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data…
-
Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You
Tags: cyberAnthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks. First seen on wired.com Jump to article: www.wired.com/story/anthropic-releases-claude-fable-5-mythos-5/ also interesting: Apache ActiveMQ Vulnerability Allows Attackers to Induce DoS Condition Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT Medical Device Maker…
-
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
-
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
-
E-Signature Security Checklist Before Selecting an E-Signature Tool
Tags: toolElectronic signature security starts before the first document is sent. A company needs to know how files are… First seen on hackread.com Jump to article: hackread.com/e-signature-security-checklist-e-signature-tool/ also interesting: Posture ≠Protection Looking for the Best VMDR and Pentesting Tool? The Breakthrough Wie Unternehmen sich gegen neue KI-Gefahren wappnen Security for AI: A strategic framework for…
-
E-Signature Security Checklist Before Selecting an E-Signature Tool
Tags: toolElectronic signature security starts before the first document is sent. A company needs to know how files are… First seen on hackread.com Jump to article: hackread.com/e-signature-security-checklist-e-signature-tool/ also interesting: Posture ≠Protection Looking for the Best VMDR and Pentesting Tool? The Breakthrough Wie Unternehmen sich gegen neue KI-Gefahren wappnen Security for AI: A strategic framework for…
-
CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
Acting director Nick Andersen said a binding operational directive is en route for agencies, and that more specific discussions need to happen with critical infrastructure owners. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-cyber-risk-prioritization-vulnerability-directive/ also interesting: Walking the Walk: How Tenable Embraces Its >>Secure by Design<< Pledge to CISA Hackers breach Microsoft IIS services using…
-
Anthropic’s new model is Mythos on a leash
Tags: unclassifiedClaude Fable 5 offers Mythos-level performance for most tasks with safeguards on sensitive topics. Anthropic claims testing found no universal jailbreaks. Whether that actually holds up in practice is harder to predict. First seen on cyberscoop.com Jump to article: cyberscoop.com/anthropic-claude-fable-5-release-mythos-guardrails/ also interesting: Lancom erhält 2025 erneut Silber-Status beim Ecovadis-Nachhaltigkeitsrating Basis für Alarmketten: Neues Drohnen-Lagezentrum in…
-
Anthropic’s new model is Mythos on a leash
Tags: unclassifiedClaude Fable 5 offers Mythos-level performance for most tasks with safeguards on sensitive topics. Anthropic claims testing found no universal jailbreaks. Whether that actually holds up in practice is harder to predict. First seen on cyberscoop.com Jump to article: cyberscoop.com/anthropic-claude-fable-5-release-mythos-guardrails/ also interesting: Chaos-Partei: Pirat unterstützt Porno-Pranger… On Secure Voting Systems Digitale Kaperfahrt – Cyberbedrohungen auf…
-
75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds
Checkmarx report warns that business pressure is among the reason security leaders let security compliance slip First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/firms-deploy-vulnerable-code/ also interesting: Is your enterprise ‘cyber resilient’? Probably not. Here’s how other boards fixed that 7 misconceptions about the CISO role Is HR running your employee security training? Here’s why that’s…
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/russian-groups-winrar-flaw-ukrainian-orgs also interesting: Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine Russian APT RomCom combines Firefox and Windows zero-day flaws in drive-by…
-
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/ also interesting: Getting the Most Value Out of the OSCP: The PEN-200 Course Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting Smart GPUGate malware exploits GitHub…
-
XBOW tests Anthropic’s Mythos Preview for offensive security
Anthropic’s Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/xbow-tests-anthropics-mythos-preview-for-offensive-security/ also interesting: Top 16 OffSec, pen-testing, and ethical hacking certifications China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324)…