Enterprise Security

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

News

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

When integrating applications with Microsoft Azure, administrators may encounter the error “AADSTS700054: response_type ‘id_token’ is not enabled...

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

News

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

Large Language Models (LLMs) are increasingly integrated into enterprise workflows, but a new attack vector—ASCII smuggling—exploits Unicode’s...

New Phishing Tactic Exploits Firebase to Steal Credentials

Threat Intelligence

New Phishing Tactic Exploits Firebase to Steal Credentials

Check Point Research has uncovered a sophisticated phishing campaign leveraging Google Firebase to host fraudulent pages mimicking...

GoldenJackal APT Breaches Air-Gapped Government Systems in Sophisticated Cyberespionage Campaign

APT-News

GoldenJackal APT Breaches Air-Gapped Government Systems in Sophisticated Cyberespionage Campaign

ESET Research has uncovered a series of cyberespionage campaigns conducted by the advanced persistent threat (APT) group...

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Blue-Team
CVE News

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Zoho Corporation has addressed a medium-severity authentication vulnerability (CVE-2025-1723) in ManageEngine ADSelfService Plus versions 6510 and earlier....

Hidden Threats in Microsoft 365 Backups: How Malware Lurks and Risks Reinfection

News

Hidden Threats in Microsoft 365 Backups: How Malware Lurks and Risks Reinfection

A recent study by Acronis Threat Research Unit reveals critical security gaps in Microsoft 365 backup data,...

IBM InfoSphere Information Server Vulnerability (CVE-2024-51459) Patched: Medium Risk, High Impact

CVE News
Exploitation

IBM InfoSphere Information Server Vulnerability (CVE-2024-51459) Patched: Medium Risk, High Impact

IBM has recently addressed a critical vulnerability in its IBM InfoSphere Information Server 11.7, as detailed in...

NCSC.nl Warns of Cl0p Ransomware Campaigns Targeting File Transfer Systems

Exploitation
Threat Intelligence

NCSC.nl Warns of Cl0p Ransomware Campaigns Targeting File Transfer Systems

The Nationaal Cyber Security Centrum (NCSC) of the Netherlands has issued a warning regarding a series of cyberattacks...

Dealing with the SolarWinds Orion Compromise: Immediate Actions for Organizations

APT-News
Data Breach

Dealing with the SolarWinds Orion Compromise: Immediate Actions for Organizations

The SolarWinds Orion compromise, disclosed in December 2020, remains one of the most significant cybersecurity incidents in...

Preventing Lateral Movement in Enterprise Networks: A Comprehensive Guide

Blue-Team
Red-Team
SIEM & Detection Engineering

Preventing Lateral Movement in Enterprise Networks: A Comprehensive Guide

Lateral movement is a technique used by attackers to navigate through a network after gaining initial access....

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

Exploitation

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

A critical privilege escalation vulnerability, CVE-2025-0628, has been identified in the BerriAI/litellm application. This flaw allows users...

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

Exploitation

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

A critical vulnerability, CVE-2024-9701, has been identified in the Kedro ShelveStore class (version 0.19.8), a component of...

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

Exploitation

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

A high-severity vulnerability, CVE-2024-9919, has been identified in the parisneo/lollms-webui software, specifically in version V13. This vulnerability...

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

Exploitation

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

TL;DR CVE-2025-2303: A critical vulnerability in the Block Logic WordPress plugin allows authenticated attackers with Contributor-level access...

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

Exploitation

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

TL;DR CVE-2024-9880: A high-severity command injection vulnerability in Apache Pandas’ DataFrame.query function. Affected Versions: All versions up...

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

Exploitation

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

A newly disclosed vulnerability, CVE-2025-0452, has been identified in the latest version of eosphoros-ai/DB-GPT, a popular database...

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

Exploitation

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

TL;DR CVE-2025-23120: A critical remote code execution (RCE) vulnerability in Veeam Backup & Replication. Severity: 9.9 (CRITICAL)...

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

News

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

TL;DR CVE-2025-30472: A critical stack-based buffer overflow vulnerability in Corosync (up to version 3.1.9). Severity: Rated 9.0...

Microsoft Trust Signing Service Abused to Code-Sign Malware

APT-News

Microsoft Trust Signing Service Abused to Code-Sign Malware

In a concerning development, cybercriminals have been abusing Microsoft’s Trusted Signing platform to code-sign malware executables with...

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

Exploitation

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

Next.js middleware, a cornerstone of modern web applications, faces a critical security threat. CVE-2025-29927 exposes a severe...

Posts pagination

Previous 1 … 10 11 12 13 14 Next

Enterprise Security

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

New Phishing Tactic Exploits Firebase to Steal Credentials

GoldenJackal APT Breaches Air-Gapped Government Systems in Sophisticated Cyberespionage Campaign

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

IBM InfoSphere Information Server Vulnerability (CVE-2024-51459) Patched: Medium Risk, High Impact

NCSC.nl Warns of Cl0p Ransomware Campaigns Targeting File Transfer Systems

Preventing Lateral Movement in Enterprise Networks: A Comprehensive Guide

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

Microsoft Trust Signing Service Abused to Code-Sign Malware

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

You may have missed

Russia’s Throttling of Cloudflare: Technical Impact and Security Implications

Livestreamed Child Exploitation: Technical and Legal Implications of a Disturbing Case

UNFI Cyberattack: Supply Chain Disruption and Recovery Analysis

Hawaiian Airlines Cyberattack: IT Systems Compromised, Flight Operations Unaffected