Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ...
InfoQ

Google ADK for Java 1.0 Introduces New App and Plugin Architecture, External Tools Support, and More

Google's Agent Development Kit for Java reached 1.0, introducing integrations with new external tools, a new app and plugin ...
Microsoft

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant ...
CSO Online

Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure

Remote terminal units, PLCs, PoS systems, and bedside patient monitors may be susceptible to remote code execution, ...
CSO Online

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...

5 Pieces of Advice for the Leader Inheriting the Mess

The instinct, in the first 30 days, when you inherit a failing program, is to start fixing things immediately. In my ...