News

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

Blue-Team

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

A recent investigation by Trend Micro’s Managed XDR team uncovered a sophisticated web shell attack targeting Internet...

Earth Preta Evades Detection by Blending Legitimate and Malicious Tools

APT-News

Earth Preta Evades Detection by Blending Legitimate and Malicious Tools

The advanced persistent threat (APT) group Earth Preta, also known as Mustang Panda, has refined its evasion...

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

CVE News

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

Vercel has resolved a significant security flaw in Next.js middleware authentication, which could have allowed attackers to...

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

CVE News

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

NetApp has resolved a critical privilege escalation vulnerability (NCSC-2025-0097) in its SnapCenter backup management platform, which could...

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

A newly disclosed critical vulnerability (CVE-2025-1097) in Kubernetes’ Ingress-Nginx controller enables attackers to execute arbitrary code and...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

A newly discovered high-severity vulnerability (CVE-2025-1098) in Kubernetes’ Ingress-Nginx controller allows attackers to execute arbitrary code and...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

A critical security vulnerability (CVE-2025-1974) in Kubernetes’ ingress-nginx controller has been disclosed, allowing unauthenticated attackers with pod...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

A newly disclosed high-severity vulnerability (CVE-2025-24514) in Kubernetes’ ingress-nginx controller enables attackers to execute arbitrary code and...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

A newly discovered critical vulnerability (CVE-2025-2726) affecting multiple H3C Magic series routers allows remote attackers to execute...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2728) Puts Networks at Risk

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2728) Puts Networks at Risk

A critical command injection vulnerability (CVE-2025-2728) affecting H3C Magic NX30 Pro and NX400 routers has been identified,...

Critical Command Injection Vulnerability in H3C Magic NX30 Pro Routers (CVE-2025-2727)

CVE News

Critical Command Injection Vulnerability in H3C Magic NX30 Pro Routers (CVE-2025-2727)

A critical security vulnerability (CVE-2025-2727) has been identified in H3C Magic NX30 Pro routers running firmware versions...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2729): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2729): What Security Teams Need to Know

A critical vulnerability (CVE-2025-2729) has been identified in multiple H3C Magic series routers, exposing them to remote...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

A critical security vulnerability affecting multiple H3C Magic series routers has been identified, allowing remote attackers to...

PIP-INTEL: The Python-Powered OSINT Tool for Cybersecurity Teams

News

PIP-INTEL: The Python-Powered OSINT Tool for Cybersecurity Teams

PIP-INTEL is a Python-based Open Source Intelligence (OSINT) tool designed to streamline reconnaissance and threat intelligence workflows...

Extrude: Open-Source Binary Analysis Tool for Security Teams

News

Extrude: Open-Source Binary Analysis Tool for Security Teams

Security teams now have access to a powerful new open-source tool for analyzing binary security posture. Extrude...

VulnNodeApp: A Purposefully Vulnerable Node.js Application for Security Training

News

VulnNodeApp: A Purposefully Vulnerable Node.js Application for Security Training

VulnNodeApp serves as an intentionally vulnerable Node.js application specifically designed for security education and training purposes. This...

Ashok OSINT Reconnaissance Tool: The Swiss Army Knife for Security Professionals

Security Tools & Research

Ashok OSINT Reconnaissance Tool: The Swiss Army Knife for Security Professionals

Ashok has emerged as a powerful open-source OSINT reconnaissance tool that consolidates multiple information-gathering capabilities into a...

ModTracer: Open-Source Tool Detects Hidden Linux Kernel Rootkits

Security Tools & Research

ModTracer: Open-Source Tool Detects Hidden Linux Kernel Rootkits

A new open-source security tool called ModTracer provides critical visibility into Linux Kernel Module (LKM) rootkits that...

Imperius: Exposing Hidden Linux Kernel Rootkits for Security Teams

Red-Team

Imperius: Exposing Hidden Linux Kernel Rootkits for Security Teams

A new tool called Imperius has emerged, designed to detect and expose Linux Kernel Module (LKM) rootkits...

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Security Tools & Research

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Mass-Assigner is a newly released open-source security tool that helps organizations identify mass assignment vulnerabilities in web...

Red-Team News

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

Earth Preta Evades Detection by Blending Legitimate and Malicious Tools

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2728) Puts Networks at Risk

Critical Command Injection Vulnerability in H3C Magic NX30 Pro Routers (CVE-2025-2727)

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2729): What Security Teams Need to Know

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

PIP-INTEL: The Python-Powered OSINT Tool for Cybersecurity Teams

Extrude: Open-Source Binary Analysis Tool for Security Teams

VulnNodeApp: A Purposefully Vulnerable Node.js Application for Security Training

Ashok OSINT Reconnaissance Tool: The Swiss Army Knife for Security Professionals

ModTracer: Open-Source Tool Detects Hidden Linux Kernel Rootkits

Imperius: Exposing Hidden Linux Kernel Rootkits for Security Teams

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

You may have missed

Trump Administration Considers TikTok Deal Allowing Chinese Algorithm Ownership

How Intezer’s AI SOC Balances Automation with Human Expertise

How Security Platformization Improves Threat Response and Operational Efficiency

World Backup Day: Essential Strategies for Enterprise Data Protection