December 25, 2025 | Ravi Lakshmanan | Vulnerabilities / Enterprise Security
Fortinet announced Wednesday that it has seen “recent exploitation” of a five-year-old security flaw in FortiOS SSL VPN under certain configurations. The vulnerability in question, CVE-2020-12812 (CVSS score: 5.2), is an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to successfully log in without being prompted for a second factor of authentication if the case of the username is changed. “This occurs when two-factor authentication is enabled in the ‘User Local’ settings and the user authentication type is set to a remote authentication method (such as LDAP). This…
December 25, 2025 | Ravi Lakshmanan | Vulnerabilities / Endpoint Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw affecting the Digiever DS-2105 Pro network video recorder (NVR) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This vulnerability is tracked as CVE-2023-52163 (CVSS score: 8.8) and is related to a command injection case that allows remote code execution after authentication. “Digiever DS-2105 Pro has an insufficient authentication vulnerability that could allow command injection via time_tzsetup.cgi,” CISA said. The addition of CVE-2023-52163 to the KEV catalog comes amid multiple reports from Akamai and Fortinet regarding the…
There was a time when most Americans had little or no knowledge about their local data centers. Server farms, long the invisible but vital backbone of the Internet, have rarely captured the attention of those outside the technology industry, not to mention that they are an issue with particularly fascinating political resonance. As of 2025, it looks like that era is officially over. Over the past 12 months, data centers have sparked protests in dozens of states as local activists seek to counter America’s ever-increasing computing expansion. Data Center Watch, an organization that tracks anti-data center activity, writes that 142…
At the annual Slush conference held in Helsinki last month, it was impossible to ignore the excitement in Europe’s startup market. However, actual data on the current state of the region’s venture market shows a different reality. Result: European markets have yet to recover from the global venture capital reset that occurred in 2022 and 2023. However, there is evidence that the European market is on the mend, including the recent exit of Klarna and the region’s homegrown AI startups that are attracting attention from local investors and beyond. Investors poured 43.7 billion euros ($52.3 billion) into European startups in…
From a distance, it might have looked like a small child was wending her way through the waving grass along a vast lake. But a closer look would have revealed a strange, in-between creature — a big-eyed imp with a small head and an apelike face who walked upright like a human. She may have looked warily over her shoulder as she walked, on alert for saber-toothed cats or hyenas. She may have used her strong arms to climb the shrubby trees nearby, searching for fruit, eggs, or insects to eat. Or perhaps she simply rested on the shores of the…
Waymo said Tuesday in a blog post explaining why its self-driving cars got stuck at intersections during last weekend’s power outages in San Francisco that it will ship a software update that will allow robotaxis to “more decisively” navigate faulty traffic lights during power outages. Waymo said the robotaxi’s self-driving system treats dead-end lights as four-way stops, just as humans would. That way, robotaxis would have been able to operate normally despite the large-scale power outage. Instead, many vehicles asked Waymo’s fleet response team for a “verification check” to make sure they were doing the right thing. All Waymo robotaxis…
December 24, 2025 | Ravi Lakshmanan | Malware / Endpoint Security
Cybersecurity researchers have discovered a new variant of the macOS information stealer called MacSync, which is delivered by digitally signed and notarized Swift applications disguised as messaging app installers that bypass Apple’s Gatekeeper checks. “Unlike previous MacSync Stealer variants that primarily rely on device dragging and ClickFix-style techniques, this sample takes a more deceptive and artificial approach,” said Jamf researcher Thijs Xhaflaire. The latest version is distributed as a code-signed and notarized Swift application in a disk image (DMG) file named zk-call-messenger-installer-3.9.2-lts.dmg hosted on zkcall[.]Net/Download, the Apple device management and security company said. “The fact…
TechCrunch’s Startup Battlefield pitch contest attracts thousands of applicants each year. These entries will be narrowed down to the top 200, and the top 20 will compete on the big stage to win the Startup Battlefield Cup and $100,000 in prize money. However, the remaining 180 startups all surprised us in their respective categories and are competing in their own pitch competitions. Below is the complete list of Biotech and Pharmaceutical Startup Battlefield 200 selectors and notes on why they entered the competition. CasNx What: CasNx has invented a new type of antiviral treatment for organs from organ donors. Why…
The Mill may have started with homes, but co-founder and CEO Matt Rogers says the food waste startup has long aspired to expand into commercial customers. “This has been part of our plan since the Series A deck,” Rogers told TechCrunch. Now, with a formal deal between Amazon and Whole Foods, the company’s plans to profit from processing other people’s food waste have become a little more public. Starting in 2027, Whole Foods plans to introduce commercial-scale versions of Mill’s food waste bins to its grocery stores. The bins will crush and dewater waste from the produce sector, reducing expensive…
December 24, 2025 | Ravi Lakshmanan | Online Fraud / Artificial Intelligence
According to ESET data, the fraudulent investment scheme known as Nomani has increased by 62%, and campaigns distributing this threat have expanded beyond Facebook to other social media platforms such as YouTube. The Slovak cybersecurity company said it has blocked more than 64,000 unique URLs related to the threat this year. The majority of detections occurred in the Czech Republic, Japan, Slovakia, Spain, and Poland. Nomani was first documented by ESET in December 2024 as using social media malvertising, company-branded posts, and artificial intelligence (AI)-powered video testimonials to trick users into investing money in…