RCE

Critical WatchGuard Firebox RCE Flaw Exploited, CISA Issues Directive

CVE News

Critical WatchGuard Firebox RCE Flaw Exploited, CISA Issues Directive

WatchGuard has issued an urgent warning to customers regarding a critical, actively exploited remote code execution vulnerability...

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

CVE News

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

On December 3, 2025, the React and Next.js ecosystems were alerted to a maximum-severity vulnerability enabling unauthenticated...

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

Security Tools & Research

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

A comprehensive security scan of all 5.6 million public repositories on GitLab Cloud has revealed a significant...

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

CVE News

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

ASUS has issued an urgent security advisory addressing multiple critical vulnerabilities, including a severe authentication bypass flaw...

Windows 11 24H2 Shell Instability: A Technical Analysis of Critical System Crashes

Blue-Team

Windows 11 24H2 Shell Instability: A Technical Analysis of Critical System Crashes

Microsoft has officially confirmed a critical bug in Windows 11 24H2 that causes the File Explorer, Start...

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

CVE News

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

Grafana Labs has issued a critical security advisory for its Enterprise product, warning of a maximum severity...

The Hidden Risks in Your DevOps Stack: A Technical Analysis of Supply Chain, Identity, and Recovery Threats

Blue-Team

The Hidden Risks in Your DevOps Stack: A Technical Analysis of Supply Chain, Identity, and Recovery Threats

Modern DevOps environments, built on platforms like GitHub, GitLab, and Azure DevOps, have accelerated software delivery but...

ShadowRay Campaign: First Major Attack on AI Infrastructure Exploits Disputed Ray Vulnerability

Threat Intelligence

ShadowRay Campaign: First Major Attack on AI Infrastructure Exploits Disputed Ray Vulnerability

A widespread campaign known as ShadowRay is actively exploiting a critical, yet officially disputed, vulnerability in the...

Native Sysmon Integration in Windows 11 and Server 2025: A New Era for Endpoint Visibility

Blue-Team

Native Sysmon Integration in Windows 11 and Server 2025: A New Era for Endpoint Visibility

Microsoft has announced a significant shift in its security strategy by integrating the System Monitor (Sysmon) tool...

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

CVE News

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

Google has released an emergency security update for its Chrome browser to address CVE-2025-13223, a high-severity type...

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

CVE News

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

A critical security vulnerability in the XWiki Platform, tracked as CVE-2025-24893, is now being actively exploited by...

Eurofiber France Breach: A Supply Chain Compromise Through Outdated GLPI

Data Breach

Eurofiber France Breach: A Supply Chain Compromise Through Outdated GLPI

Eurofiber France, a subsidiary of the Eurofiber Group, has confirmed a significant data breach discovered on November...

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

Threat Intelligence

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

A novel twist in the ongoing ClickFix malware campaigns has security researchers observing the abuse of the...

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

CVE News

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

ASUS has issued a security advisory concerning a critical authentication bypass vulnerability, tracked as CVE-2025-59367, affecting several...

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

Threat Intelligence

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

A significant security threat has been identified within the consumer Internet of Things (IoT) market, specifically targeting...

DanaBot Malware Resurfaces with New Infrastructure After Law Enforcement Takedown

Malware Analysis

DanaBot Malware Resurfaces with New Infrastructure After Law Enforcement Takedown

The DanaBot malware operation has resumed its malicious activities, deploying a new version in active campaigns just...

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

CVE News

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

A critical vulnerability in Gladinet’s Triofox file-sharing platform has been actively exploited by threat actors to bypass...

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

CVE News

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

SAP has released its November 2025 security updates, a critical patch batch addressing 18 new security notes...

FileFix Attack Evolves with Cache Smuggling to Evade Detection

Threat Intelligence

FileFix Attack Evolves with Cache Smuggling to Evade Detection

A new variant of the FileFix social engineering attack is leveraging cache smuggling to secretly download malicious...

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

CVE News

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, is being actively...

Posts pagination

1 2 3 4 … 12 Next

RCE

Critical WatchGuard Firebox RCE Flaw Exploited, CISA Issues Directive

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

Windows 11 24H2 Shell Instability: A Technical Analysis of Critical System Crashes

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

Native Sysmon Integration in Windows 11 and Server 2025: A New Era for Endpoint Visibility

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

Eurofiber France Breach: A Supply Chain Compromise Through Outdated GLPI

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

DanaBot Malware Resurfaces with New Infrastructure After Law Enforcement Takedown

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

FileFix Attack Evolves with Cache Smuggling to Evade Detection

Critical GoAnywhere MFT Vulnerability Actively Exploited by Medusa Ransomware

You may have missed

Dark Web Data Exposure: Technical Analysis and Response for Security Professionals

Misinformation as a Threat Vector: Lessons from the Brown University Shooting Investigation

Google’s Gmail Address Change: A New Vector for Account Takeover and Social Engineering

The AI Investment Surge in India: A Strategic Analysis for Security Leaders