Red-Team

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

CVE News

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Click Studios, the developer of the Passwordstate enterprise password manager, has issued an urgent warning to its...

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CVE News

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Citrix has released emergency patches for a critical remote code execution vulnerability, tracked as CVE-2025-7775, affecting its...

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

CVE News

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Git distributed...

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Red-Team

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

A new class of attack, exploiting the image preprocessing pipelines of multimodal AI systems, has been demonstrated...

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

CVE News

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

A critical vulnerability in Docker Desktop for Windows and macOS, designated CVE-2025-9074, has been patched after it...

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

CVE News

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Apple has released emergency security updates to address a zero-day vulnerability actively exploited in what the company...

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

CVE News

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

A newly disclosed class of vulnerabilities in browser extensions for major password managers exposes tens of millions...

Nebraska Cryptojacking Scheme Exploited Cloud Providers and Consent Frameworks for $3.5M Fraud

Red-Team

Nebraska Cryptojacking Scheme Exploited Cloud Providers and Consent Frameworks for $3.5M Fraud

A Nebraska man has been sentenced to one year in prison for orchestrating a $3.5 million cryptojacking...

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

CVE News

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

The Pennsylvania Attorney General’s Office (AGO) has confirmed a cyberattack that disrupted critical systems, including email services,...

Windows 11 August 2025 Updates: Security Patches and New Features

CVE News

Windows 11 August 2025 Updates: Security Patches and New Features

Microsoft has released cumulative updates KB5063878 and KB5063875 for Windows 11 versions 24H2 and 23H2, addressing 107...

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

CVE News

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Microsoft’s August 2025 Patch Tuesday addresses 107 security vulnerabilities, including one actively exploited zero-day in Windows Kerberos....

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

CVE News

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

As of August 2025, more than 3,300 Citrix NetScaler devices remain vulnerable to CitrixBleed 2 (CVE-2025-5777), a...

Over 29,000 Unpatched Exchange Servers at Risk of Domain Compromise via CVE-2025-53786

CVE News

Over 29,000 Unpatched Exchange Servers at Risk of Domain Compromise via CVE-2025-53786

More than 29,000 Microsoft Exchange servers remain vulnerable to CVE-2025-53786, a high-severity flaw (CVSS 8.0) that enables...

Gemini AI Hijacking via Poisoned Google Calendar Invites: Technical Breakdown

Red-Team

Gemini AI Hijacking via Poisoned Google Calendar Invites: Technical Breakdown

Google has patched a critical vulnerability that allowed attackers to remotely compromise Gemini AI agents through malicious...

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

CVE News

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

A critical WinRAR vulnerability, tracked as CVE-2025-8088, was actively exploited as a zero-day in phishing campaigns to...

GPT-5 Release: Security Implications and Technical Breakdown

Red-Team

GPT-5 Release: Security Implications and Technical Breakdown

OpenAI’s GPT-5 has officially launched, marking a significant leap in AI capabilities with its dual-model architecture and...

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

CVE News

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

Administrators and security teams are urged to patch CrushFTP servers immediately following active exploitation of a critical...

Gigabyte Motherboard UEFI Vulnerabilities Expose Systems to Persistent Bootkit Malware

CVE News

Gigabyte Motherboard UEFI Vulnerabilities Expose Systems to Persistent Bootkit Malware

Security researchers have identified critical vulnerabilities in Gigabyte motherboards that allow attackers to bypass Secure Boot and...

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

CVE News

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

Proof-of-concept (PoC) exploits for a critical SQL injection (SQLi) vulnerability in Fortinet FortiWeb have been publicly released,...

Gravity Forms Compromised in Supply-Chain Attack: Backdoored Plugins Distributed via Official Website

CVE News

Gravity Forms Compromised in Supply-Chain Attack: Backdoored Plugins Distributed via Official Website

The developers of Gravity Forms, a widely used WordPress plugin with over 1 million active installations, have...

Posts pagination

1 2 3 4 … 16 Next

Red-Team

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CISA Warns of Actively Exploited Git Code Execution Flaw in KEV Catalog

Image-Scaling Attacks: A New Vector for AI Prompt Injection and Data Exfiltration

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

Nebraska Cryptojacking Scheme Exploited Cloud Providers and Consent Frameworks for $3.5M Fraud

Pennsylvania Attorney General’s Office Disrupted by Citrix NetScaler Exploit

Windows 11 August 2025 Updates: Security Patches and New Features

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Over 3,000 NetScaler Devices Remain Unpatched Against CitrixBleed 2 Vulnerability

Over 29,000 Unpatched Exchange Servers at Risk of Domain Compromise via CVE-2025-53786

Gemini AI Hijacking via Poisoned Google Calendar Invites: Technical Breakdown

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

GPT-5 Release: Security Implications and Technical Breakdown

CrushFTP Zero-Day Exploited for Unauthenticated Admin Access: Technical Breakdown

Gigabyte Motherboard UEFI Vulnerabilities Expose Systems to Persistent Bootkit Malware

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

Gravity Forms Compromised in Supply-Chain Attack: Backdoored Plugins Distributed via Official Website

You may have missed

Google Issues Workarounds for ChromeOS Authentication Failures in Enterprise Environments

Microsoft Word’s Cloud-Centric Default: Security Implications and Enterprise Management Challenges

Passwordstate Authentication Bypass: A History of High-Severity Flaws and Hardening

Global Law Enforcement Intensifies Crackdown on Cybercrime Enablers with VerifTools Takedown