API Security

Data Privacy and Cybersecurity Challenges in Smart Construction Platforms

News

Data Privacy and Cybersecurity Challenges in Smart Construction Platforms

As digital transformation accelerates across industries, smart construction platforms and intelligent buildings are becoming prime targets for...

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Threat Intelligence

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Cybersecurity researchers have uncovered a campaign involving hijacked npm packages, some over nine years old, that were...

Indonesian E-Learning Platform Reportedly Targeted in Cybersecurity Incident

News

Indonesian E-Learning Platform Reportedly Targeted in Cybersecurity Incident

Reports indicate that a prominent Indonesian educational technology platform may have been the target of a cybersecurity...

Docker Remote API Servers Targeted by perfctl Malware in New Attack Wave

News

Docker Remote API Servers Targeted by perfctl Malware in New Attack Wave

Security researchers have uncovered a new campaign targeting misconfigured Docker Remote API servers, where attackers deploy the...

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

CVE News

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

Vercel has resolved a significant security flaw in Next.js middleware authentication, which could have allowed attackers to...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

A newly discovered critical vulnerability (CVE-2025-2726) affecting multiple H3C Magic series routers allows remote attackers to execute...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

A critical security vulnerability affecting multiple H3C Magic series routers has been identified, allowing remote attackers to...

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Security Tools & Research

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Mass-Assigner is a newly released open-source security tool that helps organizations identify mass assignment vulnerabilities in web...

Web Application Penetration Testing: Key Methodologies and Tools for Enterprise Security

News

Web Application Penetration Testing: Key Methodologies and Tools for Enterprise Security

In today’s digital landscape where web applications form the core of business operations, penetration testing has become...

Mobile App Pentesting: A Critical Need in Cybersecurity

News

Mobile App Pentesting: A Critical Need in Cybersecurity

Mobile applications have become central to daily operations, from banking transactions to enterprise communications. However, this reliance...

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

News

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

When integrating applications with Microsoft Azure, administrators may encounter the error “AADSTS700054: response_type ‘id_token’ is not enabled...

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

News

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

Large Language Models (LLMs) are increasingly integrated into enterprise workflows, but a new attack vector—ASCII smuggling—exploits Unicode’s...

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

Exploitation

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

Next.js middleware, a cornerstone of modern web applications, faces a critical security threat. CVE-2025-29927 exposes a severe...

API Security

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Indonesian E-Learning Platform Reportedly Targeted in Cybersecurity Incident

Docker Remote API Servers Targeted by perfctl Malware in New Attack Wave

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Web Application Penetration Testing: Key Methodologies and Tools for Enterprise Security

Mobile App Pentesting: A Critical Need in Cybersecurity

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

You may have missed

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

WpTravelly Plugin Vulnerability Exposes WordPress Sites to Object Injection Attacks

Critical SQL Injection Vulnerability in WooCommerce Order Splitter Plugin (CVE-2025-31089)