-
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files. “When extracting a file,
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Staff at the State Department’s Office of Countering Violent Extremism and Bureau of Conflict and Stabilization Operations, which led U.S. anti-violent extremism efforts, were laid off, the units shuttered, on July 11.
This dismantling of the country’s terrorism- and extremism-prevention programs began in February. That’s when staff of USAID’s Bureau of Conflict Prevention and Stabilization were put on leave.
In March, the Center for Prevention Programs and Partnerships at the Department of Homeland Security, which worked during the Biden administration to prevent terrorism with a staff of about 80 employees, laid off about 30% of its staff. Additional cuts to the center’s staff were made in June.
And on July 11, the countering violent extremism team at the U.S. Institute of Peace, a nonpartisan organization established by Congress, was laid off. The fate of the institute is pending legal cases and congressional funding.
President Donald Trump in February had called for nonstatutory components and functions of certain government entities, including the U.S. Institute of Peace, to “be eliminated to the maximum extent consistent with applicable law.”
These cuts have drastically limited the U.S. government’s terrorism prevention work. What remains of the U.S. capability to respond to terrorism rests in its military and law enforcement, which do not work on prevention. They react to terrorist events after they happen.
As a political scientist who has worked on prevention programs for USAID, the U.S. Institute for Peace, and as an evaluator of the U.S. strategy that implemented the Global Fragility Act, I believe recent Trump administration cuts to terrorism prevention programs risk setting America’s counterterrorism work back into a reactive, military approach that has proven ineffective in reducing terrorism.
Between 9/11 and 2021, the cost of the U.S. war on terrorism was $8 trillion and 900,000 deaths, according to a Brown University study. Nonetheless, terrorism has continued to expand in geographic reach, diversity and deadliness.
Though it was territorially defeated in Syria in 2019, the Islamic State – designated a designated a foreign terrorist organization by the U.S. government – has expanded globally, especially in Africa. Its nine affiliates on the continent have joined several al-Qaida-linked groups such as al-Shabab.
The Islamic State has expanded through a decentralized model of operations. It has networks of affiliates that operate semi-autonomously and exploit areas of weak governance in places such as Mali and Burkina Faso. That makes them difficult to defeat militarily.
These terrorist organizations threaten the U.S. through direct attacks, such as the ISIS-linked attack in New Orleans on Jan. 1, 2025, that killed 14 people.
These groups also disrupt the global economy, such as Houthi attacks on trade routes in the Red Sea.
To understand why terrorism and extremism continue to grow, and to examine what could be done, Congress charged the U.S. Institute of Peace in 2017 to convene the Task Force on Extremism in Fragile States.
This bipartisan task force found that while the U.S. military had battlefield successes, “after each supposed defeat, extremist groups return having grown increasingly ambitious, innovative, and deadly.”
The task force recommended prioritizing and investing in prevention efforts. Those include strengthening the ability of governments to provide social services and helping communities identify signs of conflict – and helping to provide tools to effectively respond when they see the signs.
The report contributed to the Global Fragility Act, which Trump signed in 2019 to fund $1.5 billion over five years of prevention work in places such as Libya, Mozambique and coastal West Africa.
Programs funded by the Global Fragility Act included USAID’s Research for Peace, which monitored signs of terrorism recruitment, trained residents in Côte d'Ivoire on community dialogue to resolve disputes, and worked with local leaders and media to promote peace. All programming under the act has shut down due to the elimination of prevention offices and bureaus.
The State Department issued a call for funding in July 2025 for a contractor to work on preventing terrorists from recruiting young people online. It stated: “In 2024, teenagers accounted for up to two-thirds of ISIS-linked arrests in Europe, with children as young as 11 involved in recent terrorist plots.”
In the same month, the department canceled the program due to a loss of funding.
It’s the kind of program that the now defunct Office of Countering Violent Extremism would have overseen. The government evidently recognizes the need for prevention work. But it dismantled the expertise and infrastructure required to design and manage such responses.
The work done within the prevention infrastructure wasn’t perfect. But it was highly specialized, with expertise built over 2½ decades.
Chris Bosley, a former interim director of the violence and extremism program at the U.S. Institute of Peace who was laid off in July, told me recently, “Adequate investment in prevention programs isn’t cheap, but it’s a hell of a lot cheaper than the decades of failed military action, and more effective than barbed wire – tools that come too late, cost too much, and add fuel to the very conditions that perpetuate the threats they’re meant to address.”
For now, the U.S. has lost a trove of counterterrorism expertise. And it has removed the guardrails – community engagement protocols and conflict prevention programs – that helped avoid the unintended consequences of U.S. military responses.
Without prevention efforts, we risk repeating some of the harmful outcomes of the past. Those include military abuses against civilians, prisoner radicalization in detention facilities and the loss of public trust, such as what happened in Guantanamo Bay, in Bagram, Afghanistan, and at various CIA black sites during the George W. Bush administration.
Counterterrorism prevention experts expect terrorism to worsen. Dexter Ingram, the former director of the State Department’s Office of Countering Violent Extremism who was laid off in July, told me: “It seems like we’re now going to try shooting our way out of this problem again, and it’s going to make the problem worse.”
Rebuilding a prevention-focused approach with expertise will require political will and bipartisan support.
U.S. Reps. Sara Jacobs, a Democrat from California, and Mike McCaul, a Texas Republican, have introduced a bill that would reauthorize the Global Fragility Act, extending it until 2030. It would allow the U.S. government to continue preventing conflicts, radicalization and helping unstable countries. The measure would also improve the way various government agencies collaborate to achieve these goals.
But its success hinges on securing funding and restoring or creating new offices with expert staff that can address the issues that lead to terrorism.
This analysis was developed with research contributions from Saroy Rakotoson and Liam Painter at Georgetown University.
This article is republished from The Conversation under a Creative Commons license. Read the original article.
]]>
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33 security conference today. “As we
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft’s Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage spoofing bug
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. “This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News. The
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered multiple security flaws in Dell’s ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware. The vulnerabilities have been codenamed
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
·
Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them. The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted, and
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Pentagon wants a secure digital space to easily share classified information with allies and partners. But antiquated policies and fluid dynamics of military diplomacy have made that very challenging.
“Overall, we've done a fairly good job of rolling out cloud capabilities to the [Impact Level] 4 or 5 [unclassified] environment and to the IL 6 [classified] environment,” said John Hale, the Defense Information Systems Agency’s head of product management and development Thursday at Defense One’s Cloud Workshop event. “But where we kind of missed the ball…would be in that coalition world—at the IL 6 level. And so, we're putting a lot of focus right now on how do we solve the cloud capability related specifically to the coalition mission partners at the classified level.”
The Defense Department has been working to simplify the piles of networks military services and combatant commands use to communicate with allies and partners in the Indo-Pacific region with the cloud-based mission partner environment, or MPE. One of the main hurdles is navigating strategic partnerships in which a nation agrees to work with the U.S., but isn’t necessarily an ally by treaty.
“It's not just the Five Eyes mission partners that we've had traditionally. A lot of those coalition networks are with what we would call non-traditional mission partners,” Hale said. “They're our ally right now, and we're working with them on a declassified level. They may not be our ally in six months, but we need to be able to deal with that [data] and manage it appropriately. So we're spending a lot of time and effort right now to focus on how we specifically solve that.”
MPE’s initial rollout is currently confined to the Indo-Pacific, but there’s opportunity to expand.
“INDOPACOM was the primary use case that started all this. We're working very closely with the services on this also,” Hale said. “If it does what we all believe it will do…then we'll roll it out to other theaters.”
But policies and cultural differences also complicate implementing the MPE more broadly.
“We're continuing to battle policies that were written 20 years ago, when networks and capabilities just weren't where they are today,” Hale said. “We were joking upstairs that…the only secure computer is one that's off and unplugged, right? And so we deal in a world where we can't do that. Therefore, we need to provide as much capability around that data and those systems to secure as possible, but without sacrificing function.”
]]>¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers are drawing attention to a new campaign that’s using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign. The activity involves the creation of lookalike sites imitating Brazil’s State
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
