28 Apr, 2025

Windows 11 KB5055627 update released with 30 new changes, fixes

Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2 with many new features gradually rolling out, and some new bug fixes for everyone. The KB5055627 update is part of the company’s optional non-security preview updates schedule, which pushes updates at the end of each month to let Windows admins test bug fixes, improvements, and features that […]

12 mins read

Craft CMS RCE exploit chain used in zero-day attacks to steal data

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The vulnerabilities were discovered by Orange Cyberdefense’s CSIRT, which was called in to investigate a compromised server. As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS […]

3 mins read

Marks & Spencer pauses online orders after cyberattack

British retail giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. The multinational retailer operates over 1,400 stores, employs 64,000 people globally, and sells various products, including clothing, food, and home goods. M&S, which reported revenues of £13 billion for FY24, is listed on the London […]

2 mins read

Mobile provider MTN says cyberattack compromised customer data

African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. MTN Group (formerly M-Cell) is Africa’s largest mobile network operator, with a strong Asian market presence. The company has nearly 300 million subscribers across 20 countries and an annual revenue surpassing $11 […]

2 mins read

Windows “inetpub” security fix can be abused to block future updates

A recent Windows security update that creates an ‘inetpub’ folder has introduced a new weakness allowing attackers to prevent the installation of future updates. After people installed this month’s Microsoft Patch Tuesday security updates, Windows users suddenly found an “inetpub” folder owned by the SYSTEM account created in the root of the system drive, normally the C: drive. It […]

3 mins read

Baltimore City Public Schools data breach affects over 31,000 people

Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. Established in 1829, the public school district provides primary and secondary education to 76,841 enrolled students through 164 schools and programs. “On February 13, 2025, Baltimore City […]

2 mins read

SAP fixes suspected NetWeaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE-2025-31324 and rated critical (CVSS v3 score: 10.0), is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer, specifically the Metadata Uploader component. It allows attackers to upload malicious executable […]

3 mins read

FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches

The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. In October, the FBI and CISA confirmed that the Chinese state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and many other telecom companies […]

3 mins read

Microsoft announces fix for CPU spikes when typing in Outlook

Microsoft says it will soon fix a known issue causing CPU spikes when typing messages in recent versions of its classic Outlook email client. Redmond confirmed this bug last week after a wave of user reports on various online platforms since early November, including Microsoft’s community website, with those affected saying that disabling all spell-check options and add-ins […]

2 mins read

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contacting targets through WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that […]

4 mins read