Security

As the world becomes increasingly reliant on technology, it’s essential for the next generation to develop skills that will prepare them for the future. This move reflects broader industry trends, where companies are investing heavily in AI and cybersecurity. Scouting America, one of the largest youth organizations in the United States, has taken a significant step in this direction by introducing artificial intelligence and cybersecurity merit badges. With over 1 million youth members, including nearly 200,000 female participants, Scouting America is committed to providing its members with relevant and modern skills. The new badges, which include the “AI merit badge” and the “cybersecurity merit badge,” will equip Scouts with essential knowledge and skills to navigate and protect the digital world. As Scouting America notes, “Both badges focus on real-world practice, not just reading about technology.” ...

The increasing reliance on AI-powered security systems in schools has raised concerns about their accuracy and potential consequences. A recent incident at Kenwood High School in Baltimore County, Maryland, highlights these concerns. “I was just holding a Doritos bag — it was two hands and one finger out, and they said it looked like a gun,” said Taki Allen, a student who was handcuffed and searched after the AI system flagged his snack as a possible firearm. ...

As the AI landscape continues to evolve, the need for secure and confidential computing has become a top priority. This move reflects broader industry trends towards prioritizing data protection and security in cloud computing. At the OpenInfra Summit Europe 2025, NVIDIA emphasized the importance of combining Kata Containers with Confidential Computing to preserve bare-metal GPU performance while preventing cloud operators from inspecting sensitive model and data. Kata Containers, an open-source project, provides lightweight VMs for containers, using hardware virtualization technology to launch a separate VM for each container. This approach offers the performance benefits of containers along with the security and workload isolation of VMs. Confidential Computing, on the other hand, brings in-memory data and application encryption, ensuring that even the cloud provider cannot access sensitive information. ...

As the AI landscape continues to evolve, enterprises are faced with a daunting challenge: how to harness the power of artificial intelligence without compromising security. This move reflects broader industry trends, where companies are struggling to balance the benefits of AI with the risks of data breaches and cyber threats. According to a recent MIT report, 95% of generative AI pilots at companies are failing, highlighting the need for a secure and reliable solution. ...

Unity Technologies has issued an urgent warning to developers after discovering a critical security vulnerability that has existed undetected in its game engine for almost a decade. The flaw, affecting multiple Unity versions dating back to 2016, could allow attackers to execute arbitrary code, compromise projects, or gain unauthorized access to player data. According to Unity’s security bulletin, the vulnerability lies in how the engine handles certain asset bundle imports and shader compilation processes. Maliciously crafted files could exploit the flaw to inject harmful code, posing a major threat to developers who build or run unverified Unity projects. The company has labeled the issue as high severity and strongly advised all users to apply the latest patches immediately. ...

OnePlus Phones Hit by SMS Security Flaw in OxygenOS (TheVerge) Security researchers at Rapid7 have uncovered a serious vulnerability in OnePlus phones running OxygenOS, tracked as CVE-2025-10184. The flaw, if exploited, could allow attackers to hijack user accounts through malicious SMS messages. What’s the problem? The bug lies in OxygenOS’s built-in SMS handling system. Crafted SMS messages can trick the device into executing unintended actions. Attackers could exploit the flaw to: Bypass authentication. Hijack user accounts tied to phone numbers. Launch phishing or malware campaigns by leveraging the trusted device. This makes it especially dangerous for users who rely on SMS for two-factor authentication (2FA). ...

Cisco Warns of Zero‑Day Vulnerability Actively Exploited in iOS Software Cisco has alerted users about a zero-day vulnerability (CVE‑2025‑20352) in its IOS and IOS XE software, which attackers are actively exploiting. What’s the issue? The flaw lies in the SNMP subsystem (Simple Network Management Protocol) and can be triggered via crafted SNMP packets. It’s a stack overflow bug. Severity score: 7.7 / 10 (High) If exploited: Low‑privilege attackers might trigger a Denial of Service (DoS). High‑privilege attackers (with administrative rights) could execute arbitrary code as root, fully compromising the device. Exploitation requires valid SNMP credentials (v1/v2c read-only or SNMPv3 + admin privileges). The vulnerability affects all devices running vulnerable IOS / IOS XE versions, including Meraki MS390 and Cisco Catalyst 9300 switches running Meraki CS 17. Mitigation & Patch Cisco has released a patch. Users are strongly urged to apply it immediately, as active exploitation is already occurring. There is no known full workaround. Cisco recommends using temporary mitigations: Restrict SNMP access (limit which IPs/networks can query). Use strong SNMPv3 credentials. Monitor logs for suspicious SNMP activity. Source: https://www.techradar.com/pro/security/cisco-warns-zero-day-vulnerability-exploited-in-attacks-on-ios-software ...