RCE

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

Threat Intelligence

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

A novel twist in the ongoing ClickFix malware campaigns has security researchers observing the abuse of the...

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

CVE News

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

ASUS has issued a security advisory concerning a critical authentication bypass vulnerability, tracked as CVE-2025-59367, affecting several...

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

Threat Intelligence

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

A significant security threat has been identified within the consumer Internet of Things (IoT) market, specifically targeting...

DanaBot Malware Resurfaces with New Infrastructure After Law Enforcement Takedown

Malware Analysis

DanaBot Malware Resurfaces with New Infrastructure After Law Enforcement Takedown

The DanaBot malware operation has resumed its malicious activities, deploying a new version in active campaigns just...

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

CVE News

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

A critical vulnerability in Gladinet’s Triofox file-sharing platform has been actively exploited by threat actors to bypass...

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

CVE News

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

SAP has released its November 2025 security updates, a critical patch batch addressing 18 new security notes...

FileFix Attack Evolves with Cache Smuggling to Evade Detection

Threat Intelligence

FileFix Attack Evolves with Cache Smuggling to Evade Detection

A new variant of the FileFix social engineering attack is leveraging cache smuggling to secretly download malicious...

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

CVE News

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, is being actively...

Zeroday Cloud Hacking Contest Unites Tech Giants with $4.5 Million Bounty Pool

Bug Bounties & Responsible Disclosure

Zeroday Cloud Hacking Contest Unites Tech Giants with $4.5 Million Bounty Pool

A new hacking competition called Zeroday Cloud has announced a total prize pool of $4.5 million in...

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

CVE News

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

The Redis security team has issued patches for a critical, maximum-severity vulnerability that enables authenticated attackers to...

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

CVE News

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

A significant security vulnerability, tracked as CVE-2025-59489, has been identified within the Unity game engine, posing a...

Zimbra Zero-Day Exploited via Malicious iCalendar Files

CVE News

Zimbra Zero-Day Exploited via Malicious iCalendar Files

Security researchers have identified a new zero-day attack campaign targeting Zimbra Collaboration Suite (ZCS) that leverages malicious...

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

CVE News

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

Networking hardware manufacturer DrayTek is confronting a significant security crisis involving multiple vulnerabilities in its Vigor router...

HackerOne’s $81 Million Bug Bounty Payout Signals AI Security Surge

Bug Bounties & Responsible Disclosure

HackerOne’s $81 Million Bug Bounty Payout Signals AI Security Surge

The bug bounty ecosystem is experiencing unprecedented growth, with HackerOne announcing it paid out $81 million in...

MatrixPDF Toolkit Transforms PDFs into Advanced Phishing and Malware Lures

Threat Intelligence

MatrixPDF Toolkit Transforms PDFs into Advanced Phishing and Malware Lures

A new phishing and malware distribution toolkit called MatrixPDF enables attackers to convert ordinary PDF files into...

Western Digital Patches Critical My Cloud Command Injection Vulnerability

CVE News

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Western Digital has released firmware updates to address a critical-severity vulnerability in multiple My Cloud Network Attached...

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

CVE News

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, was actively exploited...

Supply Chain Attack Targets Rust Developers Through Malicious Crates

Threat Intelligence

Supply Chain Attack Targets Rust Developers Through Malicious Crates

A software supply chain attack targeting the Rust programming language ecosystem has been uncovered, involving malicious packages...

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

CVE News

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

Security researchers have identified new vulnerabilities in Supermicro’s Baseboard Management Controller (BMC) firmware that allow attackers to...

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

CVE News

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

A newly identified vulnerability in multiple versions of OnePlus’s OxygenOS allows any application installed on a device...

Posts pagination

1 2 3 4 … 12 Next

RCE

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

DanaBot Malware Resurfaces with New Infrastructure After Law Enforcement Takedown

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

FileFix Attack Evolves with Cache Smuggling to Evade Detection

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

Redis Critical RCE Vulnerability Puts Thousands of Instances at Risk

Critical Unity Engine Vulnerability CVE-2025-59489: Technical Analysis and Industry Response

Zimbra Zero-Day Exploited via Malicious iCalendar Files

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

HackerOne’s $81 Million Bug Bounty Payout Signals AI Security Surge

MatrixPDF Toolkit Transforms PDFs into Advanced Phishing and Malware Lures

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

Supply Chain Attack Targets Rust Developers Through Malicious Crates

Supermicro BMC Vulnerabilities Expose Persistent Backdoor Risks in Server Firmware

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

You may have missed

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis

U.S. Launches Scam Center Strike Force to Combat $10 Billion Crypto Fraud Networks