October 16, 2025
Vulnerability scores, huh, what are they good for? Almost nothing
CVE and CVSS systems suffer from misaligned incentives and inconsistency Aram Hovespyan, co-founder and CEO of security biz Codific, says that the rating systems for identifying security vulnerabilities and assessing threat risk need to be overhauled.…
Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack
Who needs enemies when you have friends like Xi? China's cyberspies quietly broke into a Russian IT service provider in what researchers say is a rare example of Beijing turning its digital gaze on Moscow.…
Locked out of your Gmail account? Google says phone a friend
Recovery feature lets trusted contacts help you get back in when other methods fail The latest security feature for Gmail enables users to recover their accounts with a little help from their friends.…
Microsoft kills 9.9-rated ASP.NET Core bug – ‘our highest ever’ score
Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server…
Senator presses Cisco over firewall flaws that burned US agency
Bill Cassidy letter asks if Switchzilla sat on critical flaws before feds were forced into emergency patching US Senator Bill Cassidy has fired off a pointed letter to Cisco over the firewall flaws that allegedly let hackers breach "at least one federal agency."…
Auction house Sotheby’s finds its data on the block after cyberattack
Alert says financial account information lifted from systems Auction house Sotheby's says it was breached on July 24, and those behind the intrusion stole an unspecified amount of data, including Social Security numbers and financial account information.…