Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication
Two critical vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote…
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)
The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable…
Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control
The Taiwan Computer Emergency Response Team (TWCERT/CC) has issued a vulnerability note warning of two critical security flaws in…
CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk
The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational for developers worldwide.…
Beyond the Firewall: Protecting Your Marketing Department from Cyber Threats and Safeguarding Digital Assets
Digital media created more opportunities for companies to engage with consumers than ever before, but such increased interconnectedness has a…
CISA Warns of Attacks on DELMIA Manufacturing Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a manufacturing operations management software vulnerability to its…
HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot
ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware,…
Samsung Zero-Day Vulnerability Actively Exploited to Execute Remote Code
Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the…
France Warns Apple Users of New Spyware Campaign
Apple recently issued a spyware campaign alert, according to the French Computer Emergency Response Team (CERT-FR). The national incident…
CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks
Ddos September 12, 2025 The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular…
CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited
Ddos September 12, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Dassault Systèmes DELMIA…
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to…
New VMScape Spectre-BTI Attack Exploits Isolation Gaps in AMD and Intel CPUs
A novel speculative execution attack named VMSCAPE allows a malicious virtual machine (VM) to breach its security boundaries and…
New VMScape attack breaks guest-host isolation on AMD, Intel CPUs
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified…
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient…
Boost Operational Resilience: Proactive Security with CORA Best Practices
On almost a monthly basis, the US Cybersecurity & Infrastructure Security Agency (CISA) publishes advisories about the latest…
Australia Warns of Ransomware Attacks Exploiting SonicWall VPN Flaw CVE-2024-40766
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an urgent alert regarding active exploitation of…
NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an…
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions
A critical vulnerability in Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to…
MCP vulnerability case study: SQL injection in the Postgres MCP server
Key points and observations We found a SQL injection vulnerability in Anthropic’s reference Postgres MCP server that allowed us to…
RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale
Key points and observations Datadog Security Research has discovered a new Linux cryptojacking campaign, named RedisRaider, targeting publicly…