News Feed
1,599 articles
Reading White House President Trump’s Cyber Strategy for America (March 2026)
White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats.
The White House has released “President Trump’s Cyber Strategy for America,” a document that outlines how the United States intends to maintain dominance in cyberspace and confront an increasingly hostile digital landscape. The strategy reflects a broader shift: cyberspace is no longer viewed merely as a technical domain to defend, but as a strategic arena where national power is exercised, protected, and projected.
Donald Trump presented the document outlining the administration’s vision and priorities for addressing cyber threats targeting citizens, businesses, and critical infrastructure. From financial systems and healthcare to water utilities and telecommunications networks, the strategy highlights how both state-backed adversaries and cybercriminal groups increasingly exploit digital systems to advance geopolitical interests and economic gain.
To address this evolving threat landscape, the strategy introduces six policy pillars that will guide federal actions in the coming years:
Build Cyber Workforce: Expand cyber talent through education, training, and collaboration between government, academia, and industry.
Shape Adversary Behavior: Use offensive and defensive cyber operations and national power tools to deter, disrupt, and impose costs on state and criminal cyber adversaries.
Promote Common-Sense Regulation: Streamline cyber and data regulations to reduce compliance burdens and enable faster, more effective private-sector responses to threats.
Modernize Federal Networks: Secure and upgrade federal systems with zero-trust, cloud migration, AI-driven security, and post-quantum cryptography.
Secure Critical Infrastructure: Protect key sectors (energy, finance, telecom, water, healthcare) and strengthen supply chain resilience with government-industry cooperation.
Sustain Tech Superiority: Protect innovation and leadership in AI, quantum computing, cryptography, and emerging technologies critical to national security.
Modernizing federal networks represents another key priority. The strategy calls for the adoption of zero-trust architectures, post-quantum cryptography, cloud migration, and AI-driven security tools to strengthen the resilience of government systems. At the same time, it emphasizes protecting critical infrastructure and supply chains, including energy grids, financial systems, telecommunications, hospitals, and data centers.
A central element of the strategy is the need to maintain U.S. superiority in emerging technologies. The United States aims to maintain technological sovereignty. Artificial intelligence, quantum computing, and advanced cryptography are treated not simply as technological priorities but as strategic assets tied directly to national security and economic power.
Equally important is the development of a stronger cyber workforce. The document describes cybersecurity talent as a strategic national asset, calling for deeper collaboration between academia, industry, and government to train the next generation of specialists and strengthen operational capabilities.
Perhaps the most significant message of the strategy is its posture. The United States declares that it will act rapidly, deliberately, and proactively to disrupt cyber threats, leveraging coordinated actions between government agencies, private companies, and international allies.
Another key element is the integration of the private sector into national cyber defense. The strategy acknowledges that much of the infrastructure underpinning the digital economy is owned and operated by private companies, making collaboration essential to building resilient systems and responding quickly to emerging threats.
In this vision, cyberspace is no longer only a domain of defense; it is a key theater of geopolitical competition where technological leadership and national power increasingly converge. For policymakers and security experts worldwide, the message is clear: cybersecurity is no longer just about protecting networks; it is about sustaining national power in the digital age.
Pierluigi Paganini (SecurityAffairs – hacking, White House President Trump’s Cyber Strategy)
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identify
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. [...]
US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies
Trump’s Cyber Strategy calls for stronger deterrence against cyber adversaries, modernization of federal networks, protection of critical infrastructure, and investment in technologies such as AI and post-quantum cryptography. The post US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies appeared first on SecurityWeek.
A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function...
A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue.
A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt:...
A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 147. Applying a patch is advised to resolve this issue.
A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of...
A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure.
A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the...
A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.
Microsoft: Hackers abusing AI at every stage of cyberattacks
Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. [...]
Over 100 GitHub Repositories Distributing BoryptGrab Stealer
The malware targets browser and cryptocurrency wallet data, along with system information and user files. The post Over 100 GitHub Repositories Distributing BoryptGrab Stealer appeared first on SecurityWeek.
Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare
Pentagon CTO Emil Michael said the military is developing procedures for enabling different levels of autonomy in warfare depending on the risk posed. The post Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare appeared first on SecurityWeek.
CBP Used Online Ad Data to Track Phone Locations
Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more.
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in
How Each Gulf Country Is Intercepting Iranian Missiles and Drones
As missiles and drones cross the region’s skies, the Gulf’s layered air-defense networks—from THAAD to Patriot batteries—are being tested in real time.
Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence
Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment.
According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed a surge in attacks targeting IP cameras across Israel and Gulf countries, including the UAE, Qatar, Bahrain, and Kuwait, as well as Lebanon and Cyprus. The activity, attributed to Iran-linked actors, relied on VPN and VPS infrastructure to scan devices, mainly Hikvision and Dahua Technology cameras, for known vulnerabilities.
“During the ongoing conflict, we identified intensified targeting of IP cameras from two manufacturers starting on February 28, originating from infrastructure we attribute to Iranian threat actors. The targeting extends across Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus – countries that have also experienced significant missile activity linked to Iran. On March 1st, we additionally observed camera-targeting activity focused on specific areas in Lebanon.” states Check Point Software Technologies. “We also observed earlier, more targeted activity against cameras in Israel and Qatar on January 14–15. These dates surround with Iran’s temporary closure of its airspace, reportedly amid expectations of a potential U.S. strike.”
Researchers believe the goal was reconnaissance and real-time monitoring to support intelligence gathering and potential military targeting.
Threat actors targeted the following vulnerabilities in Hikvision and Dahua devices:
CVE-2017-7921: An improper authentication vulnerability in Hikvision IP camera firmware
CVE-2021-36260: A command injection vulnerability in the Hikvision web server component
CVE-2023-6895: An OS command injection vulnerability in Hikvision Intercom Broadcasting System
CVE-2025-34067: An unauthenticated remote code execution vulnerability in Hikvision Integrated Security Management Platform
CVE-2021-33044: An authentication bypass vulnerability in multiple Dahua products
The experts state that Chinese manufacturers have patched all the above issues.
Researchers analyzed exploitation attempts for CVE-2021-33044 and CVE-2017-7921 linked to infrastructure attributed to Iran. In October 2021, experts warned that proof-of-concept (PoC) exploit code was available for two authentication-bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. A remote attacker can exploit both vulnerabilities by sending specially crafted data packets to the vulnerable cameras.
Since early 2026, scanning activity targeting IP cameras has surged across Israel and several Middle East countries, often aligning with geopolitical tensions such as protests in Iran, U.S. military visits to Israel, and fears of potential strikes. Similar patterns appeared during the June 2025 Israel-Iran conflict, when compromised cameras were likely used for reconnaissance and battle damage assessment, including a case involving a camera near Israel’s Weizmann Institute before a missile strike.
“One of the best-known cases occurred when Iran struck Israel’s Weizmann Institute of Science with a ballistic missile and had reportedly taken control of a street camera facing the building just prior to the hit” concludes the report.
Defenders should reduce risks by removing public internet access to cameras and placing them behind VPN or zero-trust gateways. Organizations should change default passwords, enforce strong unique credentials, and keep device firmware updated. Cameras should run on isolated network segments with restricted outbound traffic. Security teams should also monitor for repeated login failures, suspicious remote access, and unusual outbound connections.
This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Hikvision multiple products improper authentication vulnerability, CVE-2017-7921 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
Pierluigi Paganini (SecurityAffairs – hacking, Iran, IP cameras)
YARA-X 1.14.0 Release, (Sat, Mar 7th)
YARA-X's 1.14.0 release brings 4 improvements and 2 bugfixes. One of the improvements is a new CLI command: deps. This command shows you the dependencies of rules. Here is an example. Rule rule1 has no dependencies, rule rule2 depends on rule rule1 and rule rule3 depends on rule rule2: Running the deps command on these rules gives you the dependencies:
Didier Stevens, Senior handler, blog.DidierStevens.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site...
The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmalt_sc_div_update_alt_text' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the frontend of the site where the popup is displayed.
The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site...
The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpoint_login' parameter of the infomaniak_connect_generic_auth_url shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all...
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are logged at INFO level, so production systems are potentially affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue.
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does...
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress...
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener without origin validation (missing event.origin check) and directly passing user-controlled URLs to window.open() without URL scheme validation. This makes it possible for unauthenticated attackers to execute arbitrary JavaScript in the context of an authenticated administrator's session by tricking them into visiting a malicious website that sends crafted postMessage payloads to the plugin's admin page.
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP...
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. Note that the attacker must present a certificate that is trusted by ZKTrustManager, which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.