Articles about Security

ESET has added new ransomware recovery and scam protection capabilities to its consumer and small business products. The security firm's latest offerings, ESET HOME Security and ESET Small Business Security, bring its enterprise-grade Ransomware Remediation feature to homes and small offices for the first time.

Ransomware incidents remain among the most damaging forms of cybercrime worldwide. ESET’s Ransomware Remediation system automatically creates encrypted backups when a threat is detected, so that users can restore any affected files once the attack has been neutralized, hopefully minimizing downtime and data loss.

Continue reading →

It has been known for a little while that Meta has been working on a username system for WhatsApp. The popular messaging app is slightly unusual in not offering people a way to choose a username, but this is going to change at some point in the future.

Recent beta builds of the iOS and Android apps show that work is gathering paced, and the most recent development is a username reservation system. This will serve as a way for users to try to pre-select their preferred username even before the username system rolls out to everyone.

Continue reading →

Microsoft may have all but abandoned Windows 10, but this is not true of its users. There are still millions of Windows 10 systems in use around the world, causing security concerns for many. But not all software developers are turning their backs on Windows 10 – Mozilla included.

The company has announced that “Firefox will continue to support Windows 10 for the foreseeable future”.

Continue reading →

The impact of Internet Explorer is still being felt years after the world moved on from the web browser. Microsoft has announced that it is “Restraining IE Mode Access” in Microsoft Edge, citing concerns about exploitation of 0day vulnerabilities in Internet Explorer’s JavaScript engine.

That Internet Explorer continues to live on in Edge remains astonishing to many, but it has been retained for compatibility issues. Nonetheless, Microsoft is now taking steps to plug holes that have enabled threat actors to gain access to devices.

Continue reading →

Five years after it was launched, Apple has announced major changes to its bug bounty program. The Apple Security Bounty program is entering what the company describes as a “new chapter”, and the headline change is a massive boost to the payments made for the discovery of the most serious types of security issues.

In addition to this and other changes, Apple also reveals that it has paid out over $35 million to more than 800 security researchers since the scheme launched in 2020. The company points out that many of these payouts were for $500,000. But the focus here is what is happening in the future.

Continue reading →

Following a previously acknowledged security breach last month, SonicWall has published an updated bulletin to customers having investigated the incident. The company says that it is now aware that an “unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service”.

SonicWall has also published an extensive document to help customers with “containment, remediation and monitoring”. This includes advising everyone to reset various passwords.

Continue reading →

Malwarebytes has introduced a new range of security packages designed to protect individuals and families based on the number of people in a household rather than the number of devices.

Malwarebytes says its research shows most users now own at least two devices, often including a smartphone, increasing the number of potential entry points for cybercriminals.

Continue reading →

Both Microsoft and Valve have issued warnings about flaws in the Unity engine that could expose gamers to attack. A new version of Steam has been released to plug the security hole as well.

Tracked as CVE-2025-59489, the Unity Gaming Engine Editor vulnerability has a severity rating of 8.4. The nature of Unity is such that the flaw affects multiple platforms – Windows, Linux, macOS and Android. There is good news for some, however; Xbox consoles, Xbox Cloud Gaming, iOS and HoloLens all remain unaffected.

Continue reading →

The situation regarding Red Hat’s recent data breach is worsening – both for the company and for its customers. With GitLab instances belonging to the company having been breached by the Crimson Collective, hundreds of gigabytes of data were stolen.

Now the data breach has transformed into a demand for ransom – perhaps predictably. Interestingly, though, the extortion is not being perpetrated by the Crimson Collective, but by ShinyHunters.

Continue reading →

Oracle has released an emergency patch and an urgent security warning about a 0-day vulnerability in Oracle E-Business Suite.

Tracked as CVE-2025-61882, the security flaw has a severity rating of 9.8 and is described as an “easily exploitable vulnerability”. Oracle warns that the vulnerability is “remotely exploitable without authentication”, going some way to explaining why it is seen as being so serious an issue.

Continue reading →

The personal data of Discord users has been exposed after a third-party customer service provider suffered a data breach.

Hackers were able to obtain support tickets from an unnamed company used by Discord to provide support. From this, they were then able to gain access to data including names and government-issued IDs.

Continue reading →

Perplexity is the latest company to release an AI-powered web browser. Comet is available free of charge for Windows and macOS, and it is looking to compete with the likes of Opera’s Neon.

Comet is not brand new. It launches in July to a limited audience, but now its AI powers are being made available to everyone. But while there is much excitement from Perplexity about the launch, and excitement from users, there is also a warning from security experts.

Continue reading →

A group of hackers calling itself the Crimson Collective says that it has compromised GitLab instances belonging to Red Hat and stolen hundreds of gigabytes of data.

Red Hat has confirmed that it has suffered a data breach, but is yet to provide much in the way of details. The hacking group says that it managed to access 28,000 internal development repositories, and has stolen almost 570GB of compressed data.

Continue reading →

A new study of 500 US IT and cybersecurity staff reveals that 84 percent report feeling uncomfortable levels of stress at work due to IT security risks, while 78 percent fear they will be personally blamed for security incidents.

The report from Object First exposes a gap in how organizations support their IT staff, highlighting the opportunity to provide mental health resources and less complex security technology to help reduce stress as cyber threats continue to rise.

Continue reading →

Details have emerged about a now-patched flaw in Microsoft Entra ID which could have been exploited to gain access to any tenant of any company in the world.

Tracked as CVE-2025-55241, the Azure Entra Elevation of Privilege Vulnerability has a CVSS 3.1 severity rating of 10.0. The security researcher who discovered the flaw said that he had “found the most impactful Entra ID vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world”.

Continue reading →