Red-Team

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

CVE News

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

ASUS has issued an urgent security advisory addressing multiple critical vulnerabilities, including a severe authentication bypass flaw...

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

CVE News

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

Grafana Labs has issued a critical security advisory for its Enterprise product, warning of a maximum severity...

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

CVE News

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

Google has released an emergency security update for its Chrome browser to address CVE-2025-13223, a high-severity type...

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

CVE News

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

A critical security vulnerability in the XWiki Platform, tracked as CVE-2025-24893, is now being actively exploited by...

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

CVE News

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

ASUS has issued a security advisory concerning a critical authentication bypass vulnerability, tracked as CVE-2025-59367, affecting several...

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

CVE News

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

A critical vulnerability in Gladinet’s Triofox file-sharing platform has been actively exploited by threat actors to bypass...

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

CVE News

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

SAP has released its November 2025 security updates, a critical patch batch addressing 18 new security notes...

Critical Authentication Bypass in Service Finder WordPress Theme Actively Exploited

CVE News

Critical Authentication Bypass in Service Finder WordPress Theme Actively Exploited

A critical security vulnerability in the Service Finder WordPress theme and its accompanying Bookings plugin is being...

Google’s AI Bug Bounty Program: A Technical Analysis for Security Professionals

Bug Bounties & Responsible Disclosure

Google’s AI Bug Bounty Program: A Technical Analysis for Security Professionals

Google has formally launched a dedicated AI Vulnerability Reward Program (AI VRP), creating a structured channel for...

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

CVE News

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, is being actively...

Zeroday Cloud Hacking Contest Unites Tech Giants with $4.5 Million Bounty Pool

Bug Bounties & Responsible Disclosure

Zeroday Cloud Hacking Contest Unites Tech Giants with $4.5 Million Bounty Pool

A new hacking competition called Zeroday Cloud has announced a total prize pool of $4.5 million in...

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

CVE News

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

The Redis security team has issued patches for a critical, maximum-severity vulnerability that enables authenticated attackers to...

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

CVE News

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

A significant security vulnerability, tracked as CVE-2025-59489, has been identified within the Unity game engine, posing a...

Zimbra Zero-Day Exploited via Malicious iCalendar Files

CVE News

Zimbra Zero-Day Exploited via Malicious iCalendar Files

Security researchers have identified a new zero-day attack campaign targeting Zimbra Collaboration Suite (ZCS) that leverages malicious...

CometJacking: How Indirect Prompt Injection Compromised Perplexity’s AI Browser

Red-Team

CometJacking: How Indirect Prompt Injection Compromised Perplexity’s AI Browser

A newly documented attack method, termed “CometJacking,” exploits a fundamental security weakness in Perplexity’s AI-powered Comet browser,...

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

CVE News

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

Networking hardware manufacturer DrayTek is confronting a significant security crisis involving multiple vulnerabilities in its Vigor router...

HackerOne’s $81 Million Bug Bounty Payout Signals AI Security Surge

Bug Bounties & Responsible Disclosure

HackerOne’s $81 Million Bug Bounty Payout Signals AI Security Surge

The bug bounty ecosystem is experiencing unprecedented growth, with HackerOne announcing it paid out $81 million in...

Western Digital Patches Critical My Cloud Command Injection Vulnerability

CVE News

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Western Digital has released firmware updates to address a critical-severity vulnerability in multiple My Cloud Network Attached...

OpenAI’s Dynamic Safety Routing: A Technical Analysis of GPT-4o’s New Guardrails

Red-Team

OpenAI’s Dynamic Safety Routing: A Technical Analysis of GPT-4o’s New Guardrails

Recent user observations of GPT-4o conversations being unexpectedly rerouted to an unknown model have been confirmed as...

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

CVE News

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, was actively exploited...

Posts pagination

1 2 3 4 … 17 Next

Red-Team

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

Critical Authentication Bypass in Service Finder WordPress Theme Actively Exploited

Google’s AI Bug Bounty Program: A Technical Analysis for Security Professionals

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

Zimbra Zero-Day Exploited via Malicious iCalendar Files

CometJacking: How Indirect Prompt Injection Compromised Perplexity’s AI Browser

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

HackerOne’s $81 Million Bug Bounty Payout Signals AI Security Surge

Western Digital Patches Critical My Cloud Command Injection Vulnerability

OpenAI’s Dynamic Safety Routing: A Technical Analysis of GPT-4o’s New Guardrails

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

You may have missed

Australian Man Sentenced for “Evil Twin” WiFi Attacks Targeting Airports and Flights

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

GreyNoise IP Check: A Free Tool for Botnet Detection and IP Reputation Monitoring

OBR Enlists Cyber Expert Following Accidental Pre-Budget Data Leak