Tech News
General news about the tech industry, trends, and major events.
Brave Search now lets users ‘Rerank’ results from favorite sites
Brave Search has introduced a new feature called Rerank, which allows users to define search results ordering preferences and set specific sites rank higher. Brave Search is a privacy-focused search tool created by Brave Software, which uses its own web index to generate search results. It is marketed as a privacy-first alternative to Google or Bing search […]
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks. The vulnerabilities chained in these attacks include CVE-2024-8963 (an admin authentication bypass patched in September) and CVE-2024-8190 (a remote code execution bug patched the same month). Two other bugs, CVE-2024-9379 (an SQL […]
SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks
SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-23006 and rated critical (CVSS v3 score: 9.8), could allow remote unauthenticated attackers to execute arbitrary OS commands under specific […]
Stealthy ‘Magic Packet’ malware targets Juniper VPN gateways
A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a “magic packet” in the network traffic. The J-magic attacks appear to target organizations in the semiconductor, energy, manufacturing (marine, solar panels, heavy machinery), and IT sectors. […]
Tesla EV charger hacked twice on second day of Pwn2Own Tokyo
Security researchers hacked Tesla’s Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. They also exploited 23 more zero-day vulnerabilities in WOLFBOX, ChargePoint Home Flex, Autel MaxiCharger, Phoenix Contact CHARX, and EMPORIA EV chargers, as well as in the Alpine iLX-507, Kenwood DMX958XR, Sony XAV-AX8500 In-Vehicle Infotainment […]
Critical zero-days impact premium WordPress real estate plugins
The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response. […]
Cloudflare CDN flaw leaks user location data, even through secure chat apps
A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord. While the geo-locating capability of the attack is not precise enough for street-level tracking, it can provide enough data to infer what geographic region a […]
Telegram captcha tricks you into running malicious PowerShell scripts
Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into run PowerShell code that infects them with malware. The attack, spotted by vx-underground, is a new variant of the “Click-Fix” tactic that has become very popular among threat actors to distribute malware over the past year. […]
Cisco warns of denial of service flaw with PoC exploit code
Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. Tracked as CVE-2025-20128, the vulnerability is caused by a heap-based buffer overflow weakness in the Object Linking and Embedding 2 (OLE2) decryption routine, allowing unauthenticated, remote attackers to trigger a DoS condition on vulnerable devices. If this vulnerability is […]
PowerSchool hacker claims they stole data of 62 million students
The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers. PowerSchool is a cloud-based software solutions provider for K-12 schools and districts that provides tools for enrollment, communication, attendance, staff management, learning systems, analytics, and finance. On January […]