Software giant Oracle is expected to release patches for 320 new security vulnerabilities affecting over 90 products and services across 27 categories. These categories include Oracle’s Communications applications and executives, Construction and Engineering appliances, middleware and servers, and products and services part of the Oracle E-Business Suite. According to a pre-release announcement, the concerned vulnerabilities range from low  – with some being attributed CVSS scores between 4 and 6 – to critical severity. The most…

Within the renamed USDS, the order creates a temporary organization “dedicated to advancing the President’s 18-month DOGE agenda.” The US DOGE Service Temporary Organization will cease to exist on July 4, 2026. Across government, each agency head will be required to establish a “DOGE Team” consisting of four or more employees within 30 days. The teams will typically consist of a team lead, an engineer, a human resources specialist, and an attorney, and will be…

Security experts have warned that two ransomware groups are attempting to trick corporate victims into providing remote access to their machines, for data exfiltration and possible extortion. Sophos said it was tracking the threats as STAC5143 and STAC5777. The latter shares characteristics of Storm-1811 – a financially motivated cybercrime group known to deploy Black Basta ransomware. STAC5143 is a “previously unreported threat cluster” with possible links to prolific threat actors FIN7. Both campaigns observed by…

What is the Medusa ransomware? Medusa is a ransomware-as-a-service (RaaS) platform that first came to prominence in 2023. The ransomware impacts organisations running Windows, predominantly exploiting vulnerable and unpatched systems and hijacking accounts through initial access brokers. Initial access brokers? Initial access brokers (IABs) specialise in gaining unauthorised access to the networks of organisations, and then sell that access to other cybercriminals – such as ransomware gangs like Medusa. So the ransomware attackers may not…

The energy sector is the cornerstone of modern infrastructure, powering essential services and supporting the daily operations of economies worldwide. However, it also faces unique cybersecurity challenges, particularly in complying with the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards. Cyber threats keep growing in sophistication and frequency and the sector’s critical assets—such as power grids, pipelines, and renewable energy networks—face unprecedented risk. The implications of a cyberattack on these systems extend…

NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US’ resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out.  Understanding the Cyber Space Threat While NASA has cybersecurity requirements for its spacecraft in operation, these requirements do not extend to…

More than half of European data protection professionals believe budgets will decline in 2025, while a similar share expects technical privacy teams to remain understaffed, according to ISACA. The global IT professional association polled 351 members in the region working in privacy, to better understand the challenges the industry faces. Its State of Privacy in 2025 report revealed that industry professionals are becoming more pessimistic. Aside from the 54% that expect budgets to decrease in…