Daily News
GreatXML — No Patch: BitLocker Bypass via WinRE Survives Incident Response
Your BitLocker-encrypted Windows devices may not be as protected as your NIS2 compliance report says. This week a researcher published GreatXML — a technique that achieves a SYSTEM-level shell with full access to a BitLocker-encrypted volume using nothing more than two XML files placed on the recovery partition. No patch exists. Microsoft is still assessing…
Three CVSS 10.0 Vulnerabilities in Ubiquiti UniFi OS — Zero Auth, Full Network Control
Three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS. One exploit chain. Full network control. Zero authentication required. If you use UniFi in your office — and most DACH SMBs do — this is your highest-priority patch this week. CISA added three Ubiquiti vulnerabilities to its Known Exploited Vulnerabilities catalog on June 23, confirming active exploitation…
AI Agent Finds 21 FFmpeg Zero-Days for $1,000 — Chrome 149 Patches Record 429 Bugs
An AI agent just did what would take a skilled security researcher months — and it cost $1,000. Security startup depthfirst ran an autonomous AI agent against FFmpeg, the media processing library embedded in virtually every video call platform, streaming service, and recording tool. The agent scanned 1.5 million lines of C code and found…
Klue OAuth Breach — One Legacy Credential, Nine Security Vendors Compromised
The security vendor you trust just got hacked — and took nine of its customers with it. The Icarus extortion group compromised Klue, a competitive intelligence platform. They didn’t need a zero-day. They found a single legacy credential, got into Klue’s backend, and pushed a code update that silently harvested OAuth tokens for every active…
DragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Relay Servers
Ransomware operators found a backdoor into your network. It looks exactly like a Teams meeting. Symantec and Carbon Black disclosed that DragonForce ransomware affiliates deployed Backdoor.Turn — a Go-based implant that tunnels its command-and-control traffic through Microsoft Teams TURN relay servers. The malware obtains an anonymous Teams visitor token, uses a legitimate Microsoft relay for…
