
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability that has a publicly available proof-of-concept (PoC) exploit and has come under active exploitation in the wild.

The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week.

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE).

WordPress security firm Wordfence says that it blocked 8.7 million attack attempts against its customers in just two days, October 8 and 9.

The campaign exploits three flaws, tracked as CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972, all rated critical (CVSS 9.8).

Open letter calls for prohibition on superintelligent AI, highlighting growing mainstream concern

An open letter released Wednesday has called for a ban on the development of artificial intelligence systems considered to be “superintelligent” until there is broad scientific consensus that such technologies can be created both safely and in a manner the public supports.

The statement, issued by the nonprofit Future of Life Institute, has been signed by more than 700 individuals, including Nobel laureates, technology industry veterans, policymakers, artists, and public figures such as Prince Harry and Meghan Markle, the Duke and Duchess of Sussex.

The letter reflects deep and accelerating concerns over projects undertaken by technology giants like Google, OpenAI, and Meta Platforms that are seeking to build artificial intelligence capable of outperforming humans on virtually every cognitive task. According to the letter, such ambitions have raised fears about unemployment due to automation, loss of human control and dignity, national security risks, and the possibility of far-reaching social or existential harms.

Startup turns mining waste into critical metals for the U.S.

Today, China dominates the processing of rare earth elements, refining around 60 percent of those materials for the world. With demand for such materials forecasted to skyrocket, the Biden administration has said the situation poses national and economic security threats.

Substantial quantities of rare earth metals are sitting unused in the United States and many other parts of the world today. The catch is they’re mixed with vast quantities of toxic mining waste.

Phoenix Tailings is scaling up a process for harvesting materials, including rare earth metals and nickel, from mining waste. The company uses water and recyclable solvents to collect oxidized metal, then puts the metal into a heated molten salt mixture and applies electricity.

Like radar, a brain wave sweeps a cortical region to read out information held in working memory

Imagine you are a security guard in one of those casino heist movies where your ability to recognize an emerging crime will depend on whether you notice a subtle change on one of the many security monitors arrayed on your desk. That’s a challenge of visual working memory.

According to a new study by neuroscientists in The Picower Institute for Learning and Memory at MIT, the ability to quickly spot the anomaly could depend on a theta-frequency brain wave (3–6 Hz) that scans through a region of the cortex that maps your field of view.

The findings in animals, published in Neuron, help to explain how the brain implements visual working memory and why performance is both limited and variable.

Why Organizations Are Abandoning Static Secrets for Managed Identities

“Using a secret manager dramatically improves the security posture of systems that rely on shared secrets, but heavy use perpetuates the use of shared secrets rather than using strong identities,” according to identity security researchers. The goal isn’t to eliminate secret managers entirely, but to dramatically reduce their scope.

Smart organizations are strategically reducing their secret footprint by 70–80% through managed identities, then using robust secret management for remaining use cases, creating resilient architectures that leverage the best of both worlds.

The Non-Human Identity Discovery Challenge

Over 75,000 WatchGuard security devices vulnerable to critical RCE

Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication.

Firebox devices act as a central defense hub that controls traffic between internal and external networks, providing protection through policy management, security services, VPN, and real-time visibility through WatchGuard Cloud.

Scans from The Shadowserver Foundation currently show that there are 75,835 vulnerable Firebox appliances across the world, most of them in Europe and North America.

Optical system achieves terabit-per-second capacity and integrates quantum cryptography for long-term security

The artificial intelligence (AI) boom has created unprecedented demand for data traffic. But the infrastructure needed to support it faces mounting challenges. AI data centers must deliver faster, more reliable communication than ever before, while also confronting their soaring electricity use and a looming quantum security threat, which could one day break today’s encryption methods.

To address these challenges, a recent study published in Advanced Photonics proposes a quantum-secured architecture that involves minimal digital signal processing (DSP) consumption and meets all the stringent requirements for AI-driven data center optical interconnect (AI-DCI) scenarios. This system enables data to move at terabit-per-second speeds while defending against future quantum threats.

“Our work paves the way for the next generation of secure, scalable, and cost-efficient optical interconnects, protecting AI-driven data centers against quantum security threats while meeting the high demands of modern data-driven applications,” the researchers state in their paper.

Netherlands tightens export restrictions on microchip machines, mainly targeting ASML

The Dutch government is tightening its export restrictions on microchip-making machines, specifically deep ultraviolet (DUV) lithographic machines. A licensing requirement will apply to the export of older types of DUV machinery beginning on Saturday, a decision which primarily impacts Dutch business ASML. Foreign Trade Minister Reinett Klever cited national security concerns when announcing the measure on Friday.

According to ASML, the licensing requirement update is a technical change that mainly means that the company will apply for export licenses from the government of the Netherlands, not the United States, for two older types of DUV immersion lithography systems (1970i and 1980i). The Dutch government already implemented a licensing requirement for the newer generations of DUV machines (2000i and later) in September last year.

DUV lithography machines are the second-most advanced microchip-making machines, after extreme ultraviolet (EUV) lithography machines. Dutch company ASML is the world’s only manufacturer of EUV lithography machines and is also a global leader in the production, refurbishment, and repair of DUV lithography machines. DUV machines can still be used to make highly sophisticated microchips, and some of China’s leading tech companies, like Huawei, are actively pushing the limits of the older technology.
