19 Jan, 2026

Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374

An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. The CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a newly emerging threat. Not all CISA KEVs signal urgency. Recent coverage of CVE-2025-59374 has framed the […]

4 mins read

MITRE shares 2025’s top 25 most dangerous software weaknesses

MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. The list was released in cooperation with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and the Cybersecurity and Infrastructure Security Agency (CISA), which manage and sponsor the […]

3 mins read

Thunderbird adds native support for Microsoft Exchange accounts

Thunderbird 145 has been released with full native support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol. This means that Thunderbird users in Microsoft Exchange environments (e.g., Microsoft 365, Office 365) no longer need third-party add-ons and benefit from seamless message synchronization and folder management locally and on the server. Migrating from […]

2 mins read

Mozilla Firefox gets new anti-fingerprinting defenses

Mozilla announced a major privacy upgrade in Firefox 145 that further reduces the number of users vulnerable to digital fingerprinting. The new protections will initially be available only in Private Browsing Mode and Enhanced Tracking Protection (ETP) Strict mode. After testing and optimization, they will be enabled by default in the Firefox web browser. […]

3 mins read

Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions

OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI Sidebar Spoofing attack was devised by researchers at browser security company SquareX and works on the latest versions of the two browsers. The researchers created three realistic attack scenarios where a […]

3 mins read

CometJacking attack tricks Comet browser into stealing emails

A new attack called ‘CometJacking’ exploits URL parameters to pass hidden instructions to Perplexity’s Comet AI browser, allowing access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required and a threat actor can leverage the attack by simply exposing a maliciously crafted URL to […]

3 mins read

Brave browser surpasses the 100 million active monthly users mark

Brave browser reached 101 million monthly active users and 42 million daily active users this September, marking a new record in the project’s history. At the same time, Brave Search, the project’s privacy-focused search engine that launched in 2021 and relies on its own web index, has grown to 1.6 billion monthly search queries and […]

2 mins read

EU probes SAP over anti-competitive ERP support practices

The European Commission is investigating potential anti-competitive practices in aftermarket services SAP provides for its on-premise ERP software. The decision to launch the investigation into the German software giant came after several years of claims from stakeholders in the industry that the company abuses its dominant position in the market when it comes to maintenance and support […]

2 mins read

Mozilla warns Germany could soon declare ad blockers illegal

A recent ruling from Germany’s Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country. The case stems from online media company Axel Springer’s lawsuit against Eyeo – the maker of the popular Adblock Plus browser extension. Axel Springer […]

2 mins read

Proton launches free standalone cross-platform Authenticator app

Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. 2FA authenticator apps are offline tools that generate time-based one-time passwords (TOTPs) that expire every 30 seconds, and which can be used alongside passwords when logging into online accounts, providing the second authentication factor. Proton is a […]

2 mins read