This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin who are creating new security models for their AI infrastructure.

Artificial intelligence is changing industries from finance and healthcare to entertainment and cybersecurity. As AI adoption grows so do the risks to its integrity. AI models are being targeted by cybercriminals to manipulate, steal or exploit sensitive data. From adversarial attacks that mess with AI decision-making to large-scale data breaches the security landscape is more complex than ever.

The very nature of AI which relies on massive datasets, cloud computing power and decentralized processing creates vulnerabilities. Securing AI systems is not just about protecting data; it’s about reliability, trust and ethical usage.

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin which are creating new security models for their AI infrastructure.

****The Growing Threats to AI****

AI is a target for cybercriminals. AI models process sensitive data from financial transactions to medical records so are a treasure trove for hackers. Breaches not only expose confidential information but also raise ethical concerns about privacy violations and data misuse.

The biggest security risks are data breaches, model theft and infrastructure vulnerabilities. AI models rely on proprietary datasets and unauthorized access to these datasets can cause financial and reputational damage. Attackers can steal AI models or feed them adversarial data to mess with outputs and cause incorrect decision-making. Centralized AI cloud solutions are single points of failure and can be taken down and cause service disruptions.

To address these risks many AI platforms are moving away from traditional centralized models to decentralized architectures. By distributing AI workloads and data across multiple nodes companies can increase security, reduce failure risks and create more robust AI-driven ecosystems.

****How These Two Decentralized AI Brands Tackle Cybersecurity****

AI solutions use different strategies to keep systems safe from cyber threats like hacking, data leaks, and unauthorized access. By building strong security measures, they help protect sensitive information and ensure AI runs smoothly and securely. Let’s take a look.

****OORT: Protecting Data with Blockchain****

OORT secures its holistic AI offering with blockchain and decentralization to build a more powerful cloud. One of its key patented innovations is the Proof of Honesty (PoH) algorithm which makes AI computations verifiable and tamper-proof. 

Unlike traditional cloud systems that rely on centralised servers that can be targeted, OORT distributes data across a decentralized network, so the risk of breaches or unauthorised access is greatly reduced. Even if one part of the network is compromised the rest remain secure so continuity and reliability are maintained.

To add more security, OORT uses Olympus Protocol, a DAG-based system (PDF), so transactions are faster, cheaper, and more scalable. Instead of miners, it uses trusted committees to validate transactions and secure the network. This allows for zero fees, high speed, and easy interoperability with other chains, it’s a good fit for Web3.

Since the blockchain is immutable any attempt to alter data leaves a trail so attackers can’t cover their tracks. 

Additionally, OORT recently partnered with DeTaSECURE to add AI security and data integrity using advanced threat intelligence to fortify decentralized AI infrastructure against cyber threats and support trustless, verifiable AI models in Web3.

By combining blockchain verification with distributed validation OORT creates a trustless AI infrastructure where users don’t have to rely on a single entity to verify computations. Nodes across the network validate AI processes so it’s fair, accurate and secure.

Image: OORT Infra. Edge, Super and Backup Nodes.

This is particularly useful for industries that require high trust such as finance, healthcare and autonomous systems where AI-driven decisions are critical. Through these mechanisms, OORT secures AI applications reduces risk and provides a safer environment for advanced AI solutions.

****Filecoin: Eliminating Single Points of Failure****

AI models need large datasets which are often stored in the cloud. Traditional cloud storage has risks due to centralization which creates a single point of failure. Decentralized storage is a more secure option.

Decentralized storage is key for AI because it eliminates single points of failure, and reduces the impact of a cyber attack. It uses cryptographic proofs to ensure data integrity and authenticity and allows users to control encryption and access permissions.

Filecoin is a decentralized storage network that provides secure and scalable data storage solutions. It secures AI-related data through Proof-of-Replication and Proof-of-Spacetime, cryptographic methods that verify data integrity and prevent unauthorized modifications. 

Distributed storage nodes prevent centralization breaches by distributing AI datasets across multiple storage providers.

Client-controlled encryption allows users to encrypt their data before storing it so only authorized parties can access it. By using decentralized storage AI platforms can reduce their dependence on vulnerable cloud providers and build a more resilient infrastructure.

****AI and Cybersecurity Future****

As AI adoption grows so will the sophistication of attacks on AI systems. Solving these security challenges requires continuous innovation and collaboration between AI developers, security experts and regulatory bodies.

Several trends are shaping AI security. Federated learning is emerging as a method where AI models are trained across decentralized devices without sharing raw data, more privacy. Blockchain-powered AI security uses smart contracts and distributed ledgers to ensure transparency and prevent unauthorized modifications. AI is being used to detect security threats in real-time, more resilience against attacks.

With cyber threats getting more sophisticated, AI platforms need to get proactive with security to be trusted and reliable. Companies need to realize that security is not an afterthought but a foundation of AI innovation. 

Whether through decentralized infrastructure, encryption protocols or secure AI training environments, the future of AI security is resilience, transparency and bleeding-edge tech. By security from the start, AI developers and companies can build systems that are intelligent and threat-proof.

How These Decentralized AI Solutions Secure Their Services in a Disruptive Industry

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.

This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.

Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-4c37-7m5h-c8m9: Apache Felix Webconsole: XSS in services console

In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack.
This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

A new phishing campaign is targeting businesses with fake Facebook copyright notices.  Learn how to spot the signs and keep your Facebook account secure.

Facebook, the world’s leading social media platform, has become the subject of a new **phishing campaign** that has targeted over 12,000 email addresses across hundreds of businesses, reveals the latest research from Check Point Research (CPR). 

This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach.

Reportedly, scammers are leveraging **Salesforce’s automated mailing** service to distribute these deceptive emails, without manipulating the sender ID, which makes these emails appear to originate from \[email protected\], lending a sense of authenticity to their operation.

These emails carry counterfeit Facebook logos and falsely accuse recipients of copyright infringement. Such as in a sample email screenshot researchers have shared, the attackers cite the unauthorized use of copyrighted music owned by Universal Music Group as the issue. 

According to CPR’s **report**, recipients are then threatened with account restrictions, including limitations on posting, live streaming, or advertising unless they contest the claim within a short timeframe.

2 of the phishing emails used in the campaign (Via CPR)

This deception continues with a fraudulent Facebook support page, the link to which is included in the email and unsuspecting victims are prompted to enter their login credentials. This page is designed to extract sensitive information, falsely claiming that these details are necessary for an account review rather than disablement.

The landing page itself mimics the legitimate Facebook interface as shown in the screenshot. It features an “Account Overview” section with details of a supposed “Account Restriction.”  It falsely claims the user is “not allowed to use Meta Products to advertise” due to non-compliance with Advertising Standards.  The page includes fake options to “Request a review” and “Unlock advanced features,” further enticing victims to provide their credentials.

The screenshot reveals a cybercriminal’s fraudulent landing page designed to harvest login credentials (Via CPR)

This campaign threatens Facebook-dependent businesses worldwide by allowing cybercriminals to control their admin accounts, alter content, manipulate messaging, delete posts, and modify security settings. This can lead to negative consequences such as client trust erosion, customer attrition, and potential legal actions. For businesses in regulated industries like healthcare and finance, breaches can result in non-compliance, fines, and legal challenges, researchers noted.

It is worth noting that Facebook is often targeted in copyright infringement-based scams. Last year, **Hackread reported** a sophisticated scam targeting META business owners, claiming their page would be permanently deleted due to a post allegedly infringing on trademark rights, forcing them to click on malicious links under the guise of resolving policy violations.

Therefore, organizations should implement a clear incident response plan, including steps for recovering compromised accounts, setting up alert systems for suspicious logins and unusual account activity and training employees to verify Facebook account page status. These strategies can significantly reduce vulnerability to the campaign.

Scammers Use Fake Facebook Copyright Notices to Hijack Accounts

Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.
With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for

Don't Overlook These 6 Critical Okta Security Configurations

Swarms of weaponized unmanned surface vessels have proven formidable weapons in the Black and Red Seas. Can the US military learn the right lessons from it?

It was the most expensive war game in US military history, and the outcome was a disaster.

Conducted in 2002 and costing roughly $250 million to plan over two years, the so-called Millennium Challenge exercise pitted a Blue team representing the United States against a Red team representing a fictional state in the Persian Gulf, usually understood as Iran or Iraq, as a means of testing the US Defense Department’s post-Cold War doctrine based on advanced new technologies and concepts.

Despite the Blue Team’s ostensible military and technological superiority, the Red team, led by Marine Corps Lieutenant General Paul Van Riper, unleashed complete chaos upon its adversary using unanticipated asymmetric and unconventional tactics—most notably, a complex cruise missile attack followed by a wave of explosive-laden kamikaze speedboats that, in one 10-minute swarm, sank 19 Blue team warships and inflicted 20,000 simulated casualties on his adversary. The exercise was so disastrous that the Pentagon went on to impose arbitrary constraints on the Red team that all but ensured a Blue team victory, prompting Van Riper to quit as team leader in protest.

As part of its complicated legacy, Millennium Challenge 2002 had undermined the very advanced technologies it sought to validate, proving that a handful of small watercraft could, when deployed in coordinated swarms amid a larger attack, successfully outmaneuver larger surface warships with potentially deadly consequences. It’s a lesson the Pentagon all but ignored by stacking the deck in favor of the Blue team following the Red team’s initial victory. Now, more than two decades later, its lessons are playing out in battlefields around the world.

View of an explosion on a ship that Houthis say is an attack by them on Greek-owned MV Tutor in the Red Sea, dated June 12, 2024, in this screen grab obtained from a video.Photograph: HOUTHI MEDIA CENTRE/Reuters

Unmanned surface vessels (USVs) loaded with explosives and other lethal payloads are proving a fearsome weapon for ostensibly outgunned fighting forces. Amid Russia’s ongoing invasion, the Ukrainian military has successfully driven Moscow’s Black Sea Fleet from its safe harbor in Sevastopol in the annexed Crimean peninsula using a growing fleet of weaponized drone boats that aren’t just successfully targeting other surface vessels, but engaging shore targets with their own organic kamikaze first-person-view drones and knocking Russian aircraft out of the sky with machine guns and surface-to-air missiles. In the Red Sea, the Iranian-backed Houthi rebels in Yemen have employed explosive-laden watercraft to lesser effect in response to Israel's military campaign against Hamas in Gaza, successfully sinking the Liberia-flagged bulk carrier _MV Tutor_ in June 2024 and consistently disrupting international maritime traffic in the region.

The concept of kamikaze boats isn’t new: The US Navy learned this lesson firsthand in October 2000, when a small boat full of suicide bombers blew a hole in the side of the Arleigh Burke-class destroyer USS _Cole_ in Yemen’s Aden Harbor, killing 17 American sailors. But the Ukrainian and Houthi campaigns both represent weaker belligerents who have used complex attacks of missiles and drones, both airborne and maritime, to significantly disrupt their adversaries’ naval operations just as Van Riper did during Millennium Challenge decades ago.

“Within a few minutes, the US fleet was confronted with boats, cruise missiles, and aircraft, which overwhelmed the electronics and human decisionmaking,” Van Riper tells WIRED. “Small boats themselves have been demonstrated by Ukraine as useful, but to the degree they can be complemented with other systems they are even more effective.”

The US military has been steadily exploring the potential applications of USVs to naval warfare for years. Four large USVs associated with the US Navy’s Ghost Fleet Overlord initiative have been autonomously transiting oceans since at least 2018 as part of a large-scale effort to add unmanned systems to the surface fleet. In 2021, the Navy stood up Task Force 59 to “rapidly integrate unmanned systems and artificial intelligence with maritime operations” in the 5th Fleet area of operations in the Middle East, as officials announced at the time. The following year, the service established an Unmanned Surface Vessel Division to focus on building the “foundational knowledge” for the regular operation and sustainment of USVs. And in mid-2024, the service unveiled a new Robotic Warfare Specialist to focus on drone systems and stood up a separate squadron of small USVs explicitly “to deliver the most formidable, unmanned platforms in the maritime domain,” according to officials.

Commercial operators deploy Saildrone Voyager Unmanned Surface Vessels out to sea in the initial steps of U.S. 4th Fleet’s Operation Windward Stack during a launch from Naval Air Station Key West’s Mole Pier and Truman Harbor, on September 13, 2023.Photograph: Danette Baso Silvers/US NAVY

Today, USVs of all sizes are used for everything from surveillance and reconnaissance to mine sniffing, augmenting the existing surface fleet as floating sensor nodes for sailors aboard conventional warships.

The US isn’t alone in its newfound focus on drone boats. In December 2024, officials with the North Atlantic Treaty Organization (NATO) laid out plans for the alliance’s own fleet of small USVs to operate as a robotic surveillance network like “street-lighting” in busy Atlantic waterways. Then, in January, NATO’s Maritime Command announced that a contingent of 20 USVs would participate in NATO’s new Baltic Sentry operation, which is designed to safeguard sensitive communications, power cables, and other “critical infrastructure” throughout the Baltic Sea that have been the focus of sabotage efforts in recent years.

With the threat of a future conflict with China over Taiwan’s sovereignty looming on the horizon, the Navy has kicked its USV ambitions into high gear. As part of the Pentagon’s ongoing Replicator initiative launched in 2023 to quickly field both low-cost ("attritable," in US military speak) unmanned systems to US troops abroad ahead of the next big war with a “near-peer” adversary like Russia or China, the Navy has pursued the rapid production of swarms of small, networked USV “interceptors” through its Production-Ready Inexpensive Maritime Expeditionary (PRIME) Small Unmanned Surface Vehicle (sUSV) project. These interceptors are capable of “loitering in an assigned operating area while monitoring for maritime surface threats, and then sprinting to interdict a noncooperative, maneuvering vessel,” as the Defense Innovation Unit solicitation described them.

It’s unclear what those future interceptors may look like, but the Navy and Marine Corps have in recent years experimented with various armed USVs designed to engage adversary surface fleets with lethal payloads. They include the Textron Systems–produced Expeditionary Warfare USV armed with a .50 caliber machine gun and AGM-114 Hellfire missile system the Navy publicly debuted in August 2019; the Common Unmanned Surface Vehicle (CUSV) armed with a .50 cal for force protection Textron demonstrated in 2020; the Marine Corps’ Long Range Unmanned Surface Vessel (LRUSV) outfitted with a launcher for multiple Uvision Hero-120 loitering munitions the service debuted in May 2023; and the MARTAC T38 Devil Ray which successfully destroyed several seaborne targets with Lethal Miniature Aerial Missile System–launched loitering munitions during the Navy’s first two Digital Talon exercises in late 2023. In addition, the Navy’s fiscal year 2024 budget request sought to fund an experiment to test a notional Multi-domain Area Denial from Small-USV (MADS), an unmanned Global Autonomous Reconnaissance Craft outfitted with surface-to-air FIM-92 Stinger missile launchers designed to defend larger vessels against airborne attacks.

“During future conflicts, US and allied forces will be greatly outnumbered by peer or near-peer competitors in both tactical platforms and munitions,” as the Navy’s budget documents described the logic behind the MADS experiment. “Large numbers of small, low signature, attritable unmanned missile launching vessels have the potential to improve surface force magazine depth and reduce risk to force in denied areas.”

A Lethal Miniature Aerial Missile System launches munitions from a MARTAC T-38 Devil Ray unmanned surface vehicle, attached to U.S. Naval Forces Central Command’s Task Force 59, during Exercise Digital Talon in the Arabian Gulf on October 23, 2023.Photograph: Chief Mass Communication Specialist Justin Stumberg/US NAVY

The Navy’s armed USV efforts appear to have culminated in Project 33, a new initiative unveiled as part of Chief of Naval Operations Admiral Lisa Franchetti’s 2024 Navigation Plan in September 2024 that focuses on, among other targets, “scal\[ing\] robotic and autonomous systems to integrate more platforms at speed” in an ostensible complement to the Pentagon’s larger Replicator effort, designed to outfit American fleets with armed robot boats ahead of a potential future war with China.

“This Navigation Plan drives toward two strategic ends: readiness for the possibility of war with the People’s Republic of China by 2027 and enhancing the Navy’s long-term advantage,” as Franchetti wrote at the time. “We will work towards these ends through two mutually reinforcing ways: implementing Project 33 and expanding the Navy’s contribution to the Joint warfighting ecosystem … By 2027, we will integrate proven robotic and autonomous systems for routine use by the commanders who will employ them.”

The Defense Department seems confident that the Navy’s robotic push will help prepare the US military for the possibility of war with China, but some seasoned military and defense observers have their misgivings. Van Riper points to Marine Corps’ Force Design 2030, a reorganization of the service ahead of a notional island-hopping conflict against China in the Pacific, as evidence that the Pentagon still hasn’t learned the right lessons from Millennium Challenge 2002.

The Marine Corps “was known for being an air-ground combined arms rapid-response deployed around the world,” Van Riper tells WIRED. “Now it has divested itself of every element of combined arms or reduced it, getting rid of its armor, breaching vehicles, mine clearing, and assault bridging capabilities, cutting its infantry and aviation, all to buy missiles and go on the defense in the Pacific. The Marine Corps got rid of existing capabilities in favor of unproven or undelivered capabilities.”

Indeed, the US military’s propensity to fixate on next-generation technology like drone boats as a one-size-fits-all combat solution may obscure those tactical lessons in combined arms evident in the Ukrainian campaign in the Red Sea, Van Riper says.

“You shouldn’t take the use of drones in isolation with what Ukraine is doing,” Van Riper says. “We presented the Navy fleet \[in Millennium Challenge 2002\] with multiple challenges, which is really what combined arms is. What you’re doing is presenting the enemy with a dilemma: If he tries to protect himself against threat A, he’s vulnerable to threat B, and with threats C, D, and E, he’s unable to handle it. In Ukraine, boats plus missiles and aircraft are more difficult for the Russians to respond to.”

“I’m not sure the US military today is equipped to learn from those things,” he adds. “I’m depressed from the leadership on all levels, particularly the naval services.”

The Rise of the Drone Boats

Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats…

Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and **cybersecurity threats** are more sophisticated than ever. Artificial intelligence (AI) has stepped in as the most powerful tool to combat these challenges, but it’s no longer just about automation; it’s about making real-time decisions that prevent losses before they happen.

The impact of AI in logistics is undeniable. Companies leveraging **AI in logistics and transportation** have reported up to a **30%** (PDF) reduction in delivery times and 12% lower fuel costs, while AI-driven fraud detection systems are cutting supply chain losses by 40%.

However, AI’s expansion into logistics has also **opened new vulnerabilities**, as cybercriminals are finding ways to manipulate automated systems, hack self-driving fleets, and disrupt global supply chains. AI is not just revolutionizing logistics, it’s becoming the next growing target for cyberattacks

****Cybersecurity Risks in AI-Powered Logistics****

As logistics companies increasingly rely on AI-driven automation, they also expose themselves to cyberattacks that target these very systems. One of the most infamous cyberattacks in supply chain history, the **NotPetya ransomware attack on Maersk**, cost the company over $300 million, bringing global shipping to a standstill. Similarly, hackers are now attempting to breach AI-driven warehouses, manipulate cargo tracking systems, and exploit self-driving vehicle software to reroute valuable shipments.

The rise of AI-powered fraud is another growing concern. Cybercriminals are using AI to predict shipment schedules, intercept high-value goods, and manipulate route optimization algorithms to misdirect cargo. In some cases, attackers have even **poisoned AI models**, feeding them false data to cause miscalculations in supply chain forecasting. Without proper cybersecurity measures, AI-driven logistics can become a liability instead of an asset.

****How AI is Strengthening Cybersecurity in Logistics****

Fortunately, AI is not just a target; it’s also a powerful defence against cyber threats in logistics. Companies are deploying AI to detect anomalies, prevent fraud, and monitor logistics networks for suspicious activity in real time.

**AI-powered fraud detection** systems now scan supply chains for unusual shipment patterns, unauthorized reroutes, and manipulated cargo tracking data, helping prevent cargo theft before it happens.

AI is also playing an important role in predicting and preventing ransomware attacks on logistics infrastructure. By analyzing behavioural data, AI-driven security platforms can identify possible cybersecurity threats before they execute, reducing the risk of supply chain-wide disruptions. With cybercrime damages **projected** to reach $10.5 trillion annually by 2025, logistics companies must integrate AI-driven security into their operations, or risk falling victim to cybercriminals.

****AI’s Role in Logistics Security and Cybercrime****

While AI is strengthening supply chain security, cybercriminals are also exploiting it to deploy **AI-powered hacking tools** to exploit vulnerabilities. One of the most concerning trends is adversarial AI attacks, where hackers could manipulate AI learning models to create errors in logistics decision-making.

These attacks may lead to mismatched shipments, delayed deliveries, and unnecessary fuel consumption, costing businesses millions. To fight these threats, logistics companies must deploy AI-driven cyber threat detection systems, ensuring that their own AI models cannot be compromised by external attacks.

****The Future of AI in Logistics: Security is Non-Negotiable****

The logistics industry is moving toward an AI-driven future, but without proper cybersecurity safeguards, AI itself can become a major risk. In the coming years, more and more supply chain platforms will be AI-driven, but these systems will need security frameworks to prevent AI manipulation and hacking. Regulations such as the **EU’s AI Act** are already enforcing strict compliance measures, requiring logistics companies to ensure AI security in automated transportation and warehouse operations.

Autonomous trucking is another area where AI security is becoming a priority. AI-driven self-driving fleets are expected to **reduce shipping costs** by 20-25%, but without proper cybersecurity protocols, they could be hacked to cause accidents, rerouted deliveries, or large-scale disruptions. Logistics leaders must now invest in AI-driven cybersecurity solutions to protect their fleets, warehouses, and digital infrastructure.

****AI in Logistics: The Difference Between Growth and Crisis****

AI is no longer just a tool for efficiency, it’s a critical component in protecting logistics companies from financial and cyber threats. Organizations that fail to secure their AI-powered logistics systems face significant risks, including multi-million-dollar cyberattacks, AI-driven fraud, and supply chain disruptions.

The companies that act now, investing in AI-powered security and fraud detection, will dominate the future of logistics. Those that don’t risk falling victim to cybercriminals who are already targeting AI-driven supply chains.

The question is no longer whether AI should be part of logistics, it’s whether companies can protect their AI systems before it’s too late.

1.  **Harnessing AI for Proactive Threat Intelligence**
2.  **Using AI in Business Security Decision-Making**
3.  **Why Many New AI Tools Aren’t Available In Europe?**
4.  **Top AI Trends of 2025 Businesses Should Be Ready For**
5.  **How Will Blockchain Technology Revolutionize Logistics?**

AI’s Role in Cutting Costs and Cybersecurity Threats in Logistics

Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware.
"It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and

DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe!

**Cybersecurity info you can’t live without**

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Email Address

Latest News