

Enterprise Security Tech
A cybersecurity resource for CxOs


AI Browsers Atlas and Comet Found Vulnerable to Sidebar Spoofing Attacks
Researchers have uncovered a new exploit that targets the AI-powered browsers Atlas by OpenAI and Comet by Perplexity, showing how attackers can create fake AI sidebars indistinguishable from the real interface to deliver malicious commands. The vulnerability—dubbed AI Sidebar Spoofing—was demonstrated by cybersecurity firm SquareX, which found that a rogue browser extension could overlay a counterfeit sidebar capable of intercepting every user interaction. The spoof mimic
Oct 24, 2025


Hidden backdoors, sloppy fixes: new TP-Link flaws let researchers — and attackers — root routers
Researchers at Forescout’s Vedere Labs say they’ve pulled open a fresh set of dangerous doors in TP-Link’s Omada and Festa VPN appliances — two newly cataloged vulnerabilities that let an attacker execute shell commands as root and resurrect a patched debug backdoor. The duo of flaws, tracked as CVE-2025-7850 and CVE-2025-7851, expose an uncomfortable truth: incremental patches that don’t remove legacy developer features can create new, high-severity attack paths. The most
Oct 24, 2025


New Cross-Continental Campaign Exploits “ToolShell” Flaw to Breach Telecom and Government Networks
A previously undisclosed campaign of cyberespionage is now coming into sharper view, leveraging the zero-day vulnerability known as CVE‑2025‑53770—nicknamed “ToolShell”—to infiltrate a diverse range of targets spanning the Middle East, Africa, South America and the United States. The operation is marked by sophisticated chaining of publicly-known flaws, living-off-the-land tools, and covert backdoors, underscoring a troubling trend of rapid exploitation and cross-regional rea
Oct 22, 2025


Glitch in the Dev Stack: How GlassWorm Hijacked VS Code Extensions and Threatens the Entire Build Pipeline
In what security researchers are describing as a watershed moment for developer supply-chain attacks, a new malware campaign dubbed GlassWorm has begun spreading through extensions for Visual Studio Code (VS Code) and its open-source alternative, OpenVSX. The worm-like code has been installed on an estimated 35,800 developer machines so far.
What happened: A stealthy worm enters the IDE
According to analysts at Koi Security, the campaign first surfaced on October 17, 2025 wh
Oct 21, 2025


A Perfect Storm for Enterprise Risk: Cyber-Attacks, AI Blind Spots and Trade Friction Converge
In an era when geopolitics, regulation and innovation are colliding at high velocity, enterprises are sounding the alarm on a new breed of risk—one in which trade policy, state-sponsored cyber threats and under-governed artificial intelligence are converging to create a complex danger zone. According to the Riskonnect 2025 New Generation of Risk Report, a global survey of over 200 risk, compliance and resilience professionals reveals that traditional risk playbooks may be f
Oct 21, 2025


The Windows 10 Era Is Over. The Real Security Fallout Starts Now.
Microsoft’s support for Windows 10 officially ended last week on October 14, but for millions of systems worldwide, that deadline has come and gone with business still as usual — and that’s the problem. Nearly a decade after its 2015 debut, Windows 10 has finally entered the post-support void. Microsoft is no longer issuing free updates, security patches, or bug fixes, and that has left an estimated 5.25 percent of all workloads still running the operating system exposed, a
Oct 20, 2025