vulnerability

Critical WatchGuard Firebox RCE Flaw Exploited, CISA Issues Directive

CVE News

Critical WatchGuard Firebox RCE Flaw Exploited, CISA Issues Directive

WatchGuard has issued an urgent warning to customers regarding a critical, actively exploited remote code execution vulnerability...

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

CVE News

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

On December 3, 2025, the React and Next.js ecosystems were alerted to a maximum-severity vulnerability enabling unauthenticated...

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

Security Tools & Research

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

A comprehensive security scan of all 5.6 million public repositories on GitLab Cloud has revealed a significant...

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

CVE News

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

ASUS has issued an urgent security advisory addressing multiple critical vulnerabilities, including a severe authentication bypass flaw...

Tor’s Cryptographic Overhaul: Counter Galois Onion Replaces Vulnerable Relay Encryption

News

Tor’s Cryptographic Overhaul: Counter Galois Onion Replaces Vulnerable Relay Encryption

The Tor Project has initiated one of the most significant cryptographic updates in its history, replacing the...

Windows 11 24H2 Shell Instability: A Technical Analysis of Critical System Crashes

Blue-Team

Windows 11 24H2 Shell Instability: A Technical Analysis of Critical System Crashes

Microsoft has officially confirmed a critical bug in Windows 11 24H2 that causes the File Explorer, Start...

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

CVE News

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

Grafana Labs has issued a critical security advisory for its Enterprise product, warning of a maximum severity...

The Hidden Risks in Your DevOps Stack: A Technical Analysis of Supply Chain, Identity, and Recovery Threats

Blue-Team

The Hidden Risks in Your DevOps Stack: A Technical Analysis of Supply Chain, Identity, and Recovery Threats

Modern DevOps environments, built on platforms like GitHub, GitLab, and Azure DevOps, have accelerated software delivery but...

ShadowRay Campaign: First Major Attack on AI Infrastructure Exploits Disputed Ray Vulnerability

Threat Intelligence

ShadowRay Campaign: First Major Attack on AI Infrastructure Exploits Disputed Ray Vulnerability

A widespread campaign known as ShadowRay is actively exploiting a critical, yet officially disputed, vulnerability in the...

Native Sysmon Integration in Windows 11 and Server 2025: A New Era for Endpoint Visibility

Blue-Team

Native Sysmon Integration in Windows 11 and Server 2025: A New Era for Endpoint Visibility

Microsoft has announced a significant shift in its security strategy by integrating the System Monitor (Sysmon) tool...

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

CVE News

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

Google has released an emergency security update for its Chrome browser to address CVE-2025-13223, a high-severity type...

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

CVE News

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

A critical security vulnerability in the XWiki Platform, tracked as CVE-2025-24893, is now being actively exploited by...

Eurofiber France Breach: A Supply Chain Compromise Through Outdated GLPI

Data Breach

Eurofiber France Breach: A Supply Chain Compromise Through Outdated GLPI

Eurofiber France, a subsidiary of the Eurofiber Group, has confirmed a significant data breach discovered on November...

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

Threat Intelligence

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

A novel twist in the ongoing ClickFix malware campaigns has security researchers observing the abuse of the...

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

CVE News

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

ASUS has issued a security advisory concerning a critical authentication bypass vulnerability, tracked as CVE-2025-59367, affecting several...

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

Threat Intelligence

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

A significant security threat has been identified within the consumer Internet of Things (IoT) market, specifically targeting...

UK Cyber Security and Resilience Bill Introduces Stricter Rules for Critical Infrastructure

Cyber Laws & Regulations

UK Cyber Security and Resilience Bill Introduces Stricter Rules for Critical Infrastructure

The United Kingdom has introduced new legislation to boost cybersecurity defenses for hospitals, energy systems, water supplies,...

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

CVE News

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

A critical vulnerability in Gladinet’s Triofox file-sharing platform has been actively exploited by threat actors to bypass...

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

CVE News

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

SAP has released its November 2025 security updates, a critical patch batch addressing 18 new security notes...

NAKIVO v11.1 Enhances Disaster Recovery with Real-Time Replication and MSP Security

Blue-Team

NAKIVO v11.1 Enhances Disaster Recovery with Real-Time Replication and MSP Security

NAKIVO Inc. has launched Backup & Replication v11.1, a substantial update that significantly expands the platform’s disaster...

Posts pagination

1 2 3 4 … 24 Next

vulnerability

Critical WatchGuard Firebox RCE Flaw Exploited, CISA Issues Directive

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

GitLab Public Repository Scan Uncovers Widespread Exposure of Live Secrets

ASUS Confronts Critical Authentication Bypass Flaws in Routers and PC Software

Tor’s Cryptographic Overhaul: Counter Galois Onion Replaces Vulnerable Relay Encryption

Windows 11 24H2 Shell Instability: A Technical Analysis of Critical System Crashes

Grafana Enterprise Critical SCIM Vulnerability Enables Full Administrative Takeover

Native Sysmon Integration in Windows 11 and Server 2025: A New Era for Endpoint Visibility

Google Chrome’s Seventh Zero-Day of 2025 Patched in Emergency Update

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

Eurofiber France Breach: A Supply Chain Compromise Through Outdated GLPI

ASUS DSL Router Critical Authentication Bypass: CVE-2025-59367 Analysis and Mitigation

Compromised Android Photo Frames: A Supply Chain Attack Vector for Botnets and Spyware

UK Cyber Security and Resilience Bill Introduces Stricter Rules for Critical Infrastructure

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

You may have missed

Dark Web Data Exposure: Technical Analysis and Response for Security Professionals

Misinformation as a Threat Vector: Lessons from the Brown University Shooting Investigation

Google’s Gmail Address Change: A New Vector for Account Takeover and Social Engineering

The AI Investment Surge in India: A Strategic Analysis for Security Leaders