Latest Website Security Articles – May 24, 2025

Stay ahead of the curve with our carefully curated selection of the latest industry insights. Here are the most important articles you need to read this week:


DoorDash Hack

A DoorDash driver stole over $2.5 million over several months:

The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts. Then he’d switch those same orders back to “in process” and do it all over again. Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office.


Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks

In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives into the UK legal aid hack that exposed deeply personal data of society’s most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account – and how a parental control accidentally saved the day.


300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

As part of the latest “season” of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial or consolidating.


Protect against advanced DNS threats with Amazon Route 53 Resolver DNS Firewall

Every day, millions of applications seamlessly connect users to the digital services they need through DNS queries. These queries act as an interface to the internet’s address book, translating familiar domain names like amazon.com into the IP addresses that computers use to appropriately route traffic. The DNS landscape presents unique security challenges and opportunities in […].

Always Ready to Run: How CISOs Can Finally Get Ahead of Application Risk

Does this scenario sound familiar to you? You’re juggling budget constraints, regulatory demands, and an ever-growing attack surface. Your application security stack is a patchwork of tools that don’t integrate, while developers push code faster than security can keep up, and that’s without talking about the network and data security tools that you are responsible […].

U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung MagicINFO 9 Server vulnerability, tracked as CVE-2025-4632 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an improper limitation of a pathname […].


The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”

In response to a FOIA request, the NSA released “Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, with a lot of redactions.

Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a few fewer redactions. And nothing that was provided in 2019 was redacted here.

If you find anything interesting in the document, please tell us about it in the comments.


The AI Fix #51: Divorce by coffee grounds, and why AI robots need your brain

In episode 51 of The AI Fix, a Greek man’s marriage is destroyed after ChatGPT reads his coffee, a woman dumps her husband to marry an AI called Leo, and Graham wonders whether it’s time to upload his brain into a lunchbox-packing robot. Meanwhile, a humanoid robot goes full Michael Crawford in a Chinese factory, the UK government launches an AI to read angry public consultations, and Mark dreams of a world where robots finally have common sense – and swear like sailors. Plus Graham uncovers how AI is wrecking relationships and inventing soulmates, and Mark explains why Google’s Gemini-powered bots might be smarter, more dexterous, and more emotionally stable than most of your exes. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.


SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how it works, and why it’s.

Stay informed, stay ahead. Bookmark this roundup and revisit these insights as you tackle your next project. Don’t forget to follow our blog for more curated content that matters to professionals like you.
