News

How to Configure Microsoft Outlook 365’s ‘Report Phishing’ Add-in for NCSC’s SERS

Blue-Team
Threat Intelligence

How to Configure Microsoft Outlook 365’s ‘Report Phishing’ Add-in for NCSC’s SERS

In the ever-evolving landscape of cybersecurity, phishing attacks remain one of the most pervasive threats to organizations...

Cybersecurity for Major Events: Protecting Global Gatherings in the Digital Age

News

Cybersecurity for Major Events: Protecting Global Gatherings in the Digital Age

Major events, such as international sporting competitions, cultural festivals, and large-scale conferences, are increasingly becoming targets for...

Dealing with the SolarWinds Orion Compromise: Immediate Actions for Organizations

APT-News
Data Breach

Dealing with the SolarWinds Orion Compromise: Immediate Actions for Organizations

The SolarWinds Orion compromise, disclosed in December 2020, remains one of the most significant cybersecurity incidents in...

NCSC Warns of Cryptojacking: How Malicious Software is Exploiting Devices for Illicit Cryptocurrency Mining

Blue-Team
Exploitation

NCSC Warns of Cryptojacking: How Malicious Software is Exploiting Devices for Illicit Cryptocurrency Mining

The National Cyber Security Centre (NCSC) has issued a warning about the increasing use of malicious software...

Network Security Fundamentals: Essential Strategies for Protecting Your Network

Blue-Team
Red-Team

Network Security Fundamentals: Essential Strategies for Protecting Your Network

In today’s rapidly evolving digital landscape, network security has become a cornerstone of organizational resilience. As networks...

Securing Operational Technology (OT) Environments: A Comprehensive Guide for Cybersecurity Professionals

Blue-Team
Threat Intelligence

Securing Operational Technology (OT) Environments: A Comprehensive Guide for Cybersecurity Professionals

Operational Technology (OT) systems are the backbone of critical infrastructure, from manufacturing plants to power grids. As...

Maximizing Penetration Testing: A Comprehensive Guide for Cybersecurity Professionals

Blue-Team
Exploitation

Maximizing Penetration Testing: A Comprehensive Guide for Cybersecurity Professionals

Penetration testing, often referred to as pentesting, is a critical component of modern cybersecurity strategies. It involves...

Preventing Lateral Movement in Enterprise Networks: A Comprehensive Guide

Blue-Team
Red-Team
SIEM & Detection Engineering

Preventing Lateral Movement in Enterprise Networks: A Comprehensive Guide

Lateral movement is a technique used by attackers to navigate through a network after gaining initial access....

Cyber Essentials ‘Pathways’: A New Approach to Cybersecurity Certification for Large Organizations

Cyber Laws & Regulations

Cyber Essentials ‘Pathways’: A New Approach to Cybersecurity Certification for Large Organizations

The UK’s National Cyber Security Centre (NCSC) is taking a significant step forward in cybersecurity certification with...

Introducing PDNS for Schools: A Free Cybersecurity Solution to Protect UK Education

Blue-Team
Red-Team
Security Tools & Research
Threat Intelligence

Introducing PDNS for Schools: A Free Cybersecurity Solution to Protect UK Education

In an era where schools increasingly rely on digital tools for education, cybersecurity threats have become a...

CVE-2025-2691: High-Severity SSRF Vulnerability in Nossrf Package

Blue-Team
CVE News
Exploitation
Red-Team
Threat Intelligence

CVE-2025-2691: High-Severity SSRF Vulnerability in Nossrf Package

A critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-2691) has been identified in the nossrf package, affecting versions...

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

Bug Bounties & Responsible Disclosure
Cyber Laws & Regulations
Exploitation
Malware Analysis
Red-Team
SIEM & Detection Engineering

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

A critical vulnerability, CVE-2025-2609, has been identified in MagnusSolution’s MagnusBilling software, a widely used billing and call...

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

Exploitation

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

A high-severity vulnerability, CVE-2024-9880, has been identified in the Apache Pandas library, a cornerstone of data analysis...

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

Exploitation

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

A critical privilege escalation vulnerability, CVE-2025-0628, has been identified in the BerriAI/litellm application. This flaw allows users...

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

Exploitation

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

A critical vulnerability, CVE-2024-9701, has been identified in the Kedro ShelveStore class (version 0.19.8), a component of...

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

Exploitation

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

A high-severity vulnerability, CVE-2024-9919, has been identified in the parisneo/lollms-webui software, specifically in version V13. This vulnerability...

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

Exploitation

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

TL;DR CVE-2025-2303: A critical vulnerability in the Block Logic WordPress plugin allows authenticated attackers with Contributor-level access...

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

Exploitation

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

TL;DR CVE-2024-9880: A high-severity command injection vulnerability in Apache Pandas’ DataFrame.query function. Affected Versions: All versions up...

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

Exploitation

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

A newly disclosed vulnerability, CVE-2025-0452, has been identified in the latest version of eosphoros-ai/DB-GPT, a popular database...

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

Exploitation

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

TL;DR CVE-2025-23120: A critical remote code execution (RCE) vulnerability in Veeam Backup & Replication. Severity: 9.9 (CRITICAL)...

Red-Team News

How to Configure Microsoft Outlook 365’s ‘Report Phishing’ Add-in for NCSC’s SERS

Cybersecurity for Major Events: Protecting Global Gatherings in the Digital Age

Network Security Fundamentals: Essential Strategies for Protecting Your Network

Securing Operational Technology (OT) Environments: A Comprehensive Guide for Cybersecurity Professionals

Maximizing Penetration Testing: A Comprehensive Guide for Cybersecurity Professionals

Preventing Lateral Movement in Enterprise Networks: A Comprehensive Guide

Cyber Essentials ‘Pathways’: A New Approach to Cybersecurity Certification for Large Organizations

CVE-2025-2691: High-Severity SSRF Vulnerability in Nossrf Package

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

You may have missed

Trump Administration Considers TikTok Deal Allowing Chinese Algorithm Ownership

How Intezer’s AI SOC Balances Automation with Human Expertise

How Security Platformization Improves Threat Response and Operational Efficiency

World Backup Day: Essential Strategies for Enterprise Data Protection