cybersecurity

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

Exploitation

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

TL;DR CVE-2024-9880: A high-severity command injection vulnerability in Apache Pandas’ DataFrame.query function. Affected Versions: All versions up...

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

Exploitation

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

A newly disclosed vulnerability, CVE-2025-0452, has been identified in the latest version of eosphoros-ai/DB-GPT, a popular database...

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

Exploitation

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

TL;DR CVE-2025-23120: A critical remote code execution (RCE) vulnerability in Veeam Backup & Replication. Severity: 9.9 (CRITICAL)...

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

News

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

TL;DR CVE-2025-30472: A critical stack-based buffer overflow vulnerability in Corosync (up to version 3.1.9). Severity: Rated 9.0...

Microsoft Trust Signing Service Abused to Code-Sign Malware

APT-News

Microsoft Trust Signing Service Abused to Code-Sign Malware

In a concerning development, cybercriminals have been abusing Microsoft’s Trusted Signing platform to code-sign malware executables with...

CVE-2024-9847 – FlatPress CMS CSRF Attack

Exploitation

CVE-2024-9847 – FlatPress CMS CSRF Attack

A critical vulnerability, CVE-2024-9847, has been identified in FlatPress CMS, a lightweight blogging platform. The flaw, classified...

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

APT-News

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

In a significant cybersecurity development, Kaspersky has uncovered evidence suggesting that two known threat activity clusters, Head...

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

Fig. 1 – A screenshot showing the results of Get-InjectedThreadEx scanning a process into which a 4.11 Beacon has just been injected.

C2-Updates

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

DNS Over HTTPS Beacon The new DoH implementation blends DNS C2 with legitimate web traffic: Default configuration...

CVE-2025-29927 – Next.js Authorization Bypass in Middleware

Exploitation

CVE-2025-29927 – Next.js Authorization Bypass in Middleware

Vulnerability: A critical authorization bypass flaw (CVE-2025-29927) has been identified in Next.js, a popular React framework. Severity:...

Posts pagination

Previous 1 … 9 10 11 12

cybersecurity

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

Microsoft Trust Signing Service Abused to Code-Sign Malware

CVE-2024-9847 – FlatPress CMS CSRF Attack

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

CVE-2025-29927 – Next.js Authorization Bypass in Middleware

You may have missed

Trump Administration Considers TikTok Deal Allowing Chinese Algorithm Ownership

How Intezer’s AI SOC Balances Automation with Human Expertise

How Security Platformization Improves Threat Response and Operational Efficiency

World Backup Day: Essential Strategies for Enterprise Data Protection