Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert tied to a regex vulnerability, adjusts OAuth redirect handling to match a recent Microsoft change, and ships fixes across IMAP, SMTP, CalDAV, and CardDAV subsystems. A regex replacement closes a security alert The security change replaces a regular expression in the replaceIcal4Principal method with simple substring calls, resolving a … More →
The post DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend appeared first on Help Net Security.
Basic-Fit, a European gym chain, disclosed that hackers breached one of its internal systems, exposing members’ personal data in several countries. The company operates more than 2,150 clubs in 12 countries under two brands, with more than 5.8 million members. “The unauthorised access was detected by our system monitoring processes and was stopped within minutes of discovery. The members whose data is involved have been informed,” the company said in a statement. An investigation by … More →
The post Basic-Fit hack compromises data of up to 1 million members appeared first on Help Net Security.
You must login to view this content
You must login to view this content
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
DataVisor has announced Vera, a suite of conversational AI agents designed to combat financial crime. Vera enables institutions to manage risk using natural language, allowing teams to issue instructions that AI agents execute across the fraud and AML lifecycle. By reducing manual workflows, the platform supports a more efficient and adaptive operating model for modern financial crime prevention. Fraudsters are weaponizing AI, scaling attacks, and exploiting vulnerabilities faster than humans can respond. DataVisor’s 2026 Fraud … More →
The post DataVisor brings conversational AI agents to fraud and AML operations appeared first on Help Net Security.