CSO Online

Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

Unauthenticated password reset vulnerability in widely deployed enterprise switching hardware carries a near-maximum severity score.
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
SecurityWeek

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

HPE has patched a critical-severity Aruba Networking AOS-CX vulnerability that allows attackers to reset administrator passwords.

Security News This Week: A Hacker Accidentally Broke Into the FBI’s Epstein Files

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.
SecurityWeek

Critical N8n Vulnerabilities Allowed Server Takeover

Two critical-severity n8n vulnerabilities could have led to unauthenticated remote code execution, sandbox escape, and credential theft.