New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user…
FIRESTARTER: Cisco ASA Backdoor
The Advisory That Changes EverythingOn April 23, 2026, CISA and the United Kingdom National Cyber Security Centre jointly assessed that…
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
Security researchers have identified malware dating back to 2005 that appears to have been designed to disrupt Iran’s nuclear program…
Python Vulnerability Allows Out-of-Bounds Write on Windows Systems
A security vulnerability has been discovered in Python’s Windows asyncio implementation, allowing attackers to trigger out-of-bounds…
Hackers Can Exploit Ollama Model Uploads to Leak Sensitive Server Data
A critical, unpatched vulnerability has been discovered in Ollama, a widely used open-source platform for running Large Language Models…
Harvester APT Expands Spying Operations with New GoGra Linux Malware
A nation-state-backed Advanced Persistent Threat (APT) group identified as Harvester has, reportedly, developed a new, malicious backdoor…
Compromised axios npm package delivers cross-platform RAT
Key points and observations On March 31, 2026, an attacker hijacked an axios npm maintainer account and published two malicious releases:…
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited…
SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC)…
Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious
Datadog Security Research has identified an active web traffic hijacking campaign that targets NGINX installations and management panels like…
OpenSSL January 2026 Security Update: CMS and PKCS#12 Buffer Overflows
Today, on January 27th, 2026, the OpenSSL project published details on vulnerabilities affecting the OpenSSL Software Library. Impacted…
Introducing IDE-SHEPHERD: Your shield against threat actors lurking in your IDE
In recent years, Integrated Development Environments (IDEs) have become a pivotal component in modern software development, providing…
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in "Zero Disco' Attacks
Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS…
Critical Samba RCE Vulnerability Enables Arbitrary Code Execution
Samba has disclosed a severe remote code execution (RCE) flaw that could allow attackers to hijack Active Directory domain controllers.…
Broadcom Shifts VMware Workstation/Fusion to Year-Based Versioning with New 25H2 Release
Broadcom has recently announced a change to the versioning system of its virtualization software, VMware Workstation Pro and Fusion Pro.…
Patch Tuesday, October 2025 ‘End of 10’ Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two…
CVE Deep Dive : CVE-2025–32463
Sudo “Chroot to Root” — Critical Library Loading Privilege EscalationPublished : Sept 23, 2025 | by : OptPress enter or…
Hackers Target ScreenConnect Features For Network Intrusions
A rise in cyber-attacks exploiting remote monitoring and management (RMM) tools for initial access via phishing has been observed by…
Pro-Russia Hacktivists “Claim” Attack on Water Utility Honeypot
A Russia-aligned hacktivist gang has been tricked into targeting a honeypot disguised as a water treatment utility, cybersecurity company…
DFIR Tool Hijacked: Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks
Cisco Talos has confirmed that ransomware operators are now abusing Velociraptor, an open-source digital forensics and incident response…
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the…
Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator…
Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks
Google has released Chrome version 141.0.7390.65/.66 for Windows and Mac, along with 141.0.7390.65 for Linux, addressing multiple critical…
Zeroday Cloud hacking contest offers $4.5 million in bounties
A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5…
Steam and Microsoft warn of Unity flaw exposing gamers to attacks
A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on…
Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used…
500X Surge in Scanning Targets Palo Alto and Cisco ASA
Enterprise security teams are on high alert after an extraordinary 500% spike in mass scanning activity was detected against Palo Alto…
Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352)
researcher StreyPaws has published an in-depth analysis of CVE-2025-38352, a Time-of-Check to Time-of-Use (TOCTOU) race condition in the…
Chrome Security Update – Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser
Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers…
Qualcomm Wins “Complete Victory” Over Arm in Major Chip Licensing Lawsuit
The long-standing licensing dispute between Qualcomm and Arm has finally reached its conclusion. On October 1, a U.S. District Court formally…
Chrome 141 Stable Channel Update Patches High-Severity Vulnerabilities (CVE-2025-11205 & CVE-2025-11206)
The Chrome team has announced the promotion of Chrome 141 to the Stable Channel for Windows, Mac, and Linux. The release—version…
Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure
Red Hat published security advisory CVE-2025-10725, detailing an Important severity flaw in the OpenShift AI Service that could enable…
CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog
The threat landscape continues to evolve rapidly and staying ahead of actively exploited vulnerabilities is key to effective cybersecurity…
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently…
CISA warns of critical Linux Sudo flaw exploited in attacks
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with…
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line…
You name it, VMware elevates it (CVE-2025-41244)
On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service…
Akira Ransomware Exploits SonicWall VPN Accounts With Lightning-Fast Intrusions
Akira ransomware Leaksite Arctic Wolf has observed a major uptick in Akira ransomware activity since late July 2025, with attackers…
New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads
A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices…
Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers
Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms. Tracked as CVE-2025-20363…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
US Federal Agency Breached Via GeoServer Vulnerability
IntroductionIn September 2025, CISA confirmed that a major breach had impacted a US federal agency through the exploitation of a critical…