Microsoft September 2025 Patch Tuesday – 81 Vulnerabilities Fixed Including 22 RCE
Microsoft has released its September 2025 Patch Tuesday updates, addressing a total of 81 security vulnerabilities across its product suite.…
FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands
Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute…
Software Supply Chain Attacks
In today’s rapidly evolving business landscape, software supply chain attacks are becoming increasingly common—and more…
CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6
Ddos September 9, 2025 Rockwell Automation has issued a security advisory for a critical vulnerability in its Stratix industrial Ethernet…
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
A major data theft campaign targeting Salesforce data via the Salesloft Drift app began after threat actors compromised a key GitHub account,…
Innovator Spotlight: Seraphic
Reinventing Browser Security for the Enterprise The Browser: Enterprise’s Biggest Blind Spot On any given day, the humble web browser is…
Remote Access Abuse Biggest Pre-Ransomware Indicator
Abuses of remote access software and services are the most common ‘pre-ransomware’ indicators, according to new research from…
Qualys, Tenable Latest Victims of Salesloft Drift Hack
Cybersecurity providers Tenable and Qualys are the latest in a growing list of companies affected by a significant supply chain attack…
Weekly Cybersecurity News Recap : WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless…
Ten Cloud-Agnostic Cybersecurity Tips for Protecting Your Data Across Platforms
When it comes to rapidly scaling operational processing power and expanding digital storage, cloud platform solutions are unmatched. Offering…
BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch
Ddos August 30, 2025 At DEF CON 2025, Akamai security researcher Yuval Gordon revealed the story of BadSuccessor (CVE-2025-53779), an Active…
MystRodX: A Stealthy New Backdoor Found Hiding in Networks for Over 20 Months
Ddos August 30, 2025 XLab has identified a previously unknown and stealthy backdoor dubbed MystRodX, capable of operating undetected in…
NodeBB Vulnerability Let Attackers Inject Boolean-Based Blind and PostgreSQL Error-Based Payloads
NodeBB, a popular open-source forum platform, has been found vulnerable to a critical SQL injection flaw in version 4.3.0. The flaw,…
The Good, the Bad and the Ugly in Cybersecurity – Week 35
The Good | Interpol Cracks Down on Cybercrime as U.S. Sanctions North Korean IT Scheme Interpol announced the arrest of over 1200 suspects in…
Cisco Nexus 3000 and 9000 Series Vulnerability Let Attackers Trigger DoS Attack
Cisco has issued a High-severity security advisory alerting customers to a critical vulnerability in the Intermediate System-to-Intermediate…
Cisco IMC Virtual Keyboard Video Monitor Let Attacker Direct User to Malicious Website
Cisco disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated…
Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
Dutch intelligence agencies have revealed that the Chinese hacking group Salt Typhoon targeted organizations in the Netherlands. In a joint…
UK and US Blame Three Chinese Tech Firms for Global Cyberattacks
A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked three…
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns
The UK, US and partners from across the globe have released a new report on the notorious Chinese APT group Salt Typhoon, claiming it has…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has…
Cisco Warns of High-Severity DoS Flaw (CVE-2025-20241) in Nexus Switches
Ddos August 28, 2025 Cisco Systems has published a security advisory detailing a high-severity denial-of-service (DoS) vulnerability affecting…
Chinese State Hackers Target Global Critical Infrastructure, NSA Warns
A coalition of cybersecurity and intelligence agencies from across the globe, including the United States National Security Agency (NSA), has…
Cross-domain Solutions: The Present and Future of a Growing Industry
Cross-domain solutions (CDS) consist of the secure exchange of information between security domains. This type of solution, which emerged as a…
28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide.…
IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript
A stored cross-site scripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as…
CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical…
Phishing Campaign Uses UpCrypter to Deploy Remote Access Tools
A global phishing campaign using personalized emails and fake websites to deliver malicious downloads has been identified by cybersecurity…
CISA Adds Citrix Vulnerabilities to KEV Catalog as New Flaws Emerge
The U.S. Cybersecurity and Information Security Agency (CISA) has added two Citrix vulnerabilities to its Known Exploited Vulnerabilities…
Citrix NetScaler ADC and Gateway 0-Day RCE Vulnerability Actively Exploited in Attacks
Cloud Software Group has disclosed multiple high-severity vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway…
URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack
The Cloud Software Group (CSG) has released urgent security updates to address three high-severity vulnerabilities affecting NetScaler ADC and…
Securing the AI Revolution: Introducing Cloudflare MCP Server Portals
2025-08-26 6 min read Securing the AI Revolution: Introducing Cloudflare MCP Server Portals Large Language Models (LLMs) are rapidly evolving…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure
In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging…
NVIDIA’s New Ethernet Tech Turns Distributed Data Centers Into a Single AI “Superfactory”
Ddos August 25, 2025 At the HOT Chips conference, NVIDIA unveiled its Spectrum-XGS Ethernet, a technology extending the Spectrum-X…
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete…
Weekly Cybersecurity News Recap : Apple 0-day, Chrome, Copilot Vulnerabilities and Cyber Attacks
This past week was packed with high-severity disclosures and active exploitation reports across the global threat landscape. At the forefront,…
Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by…
Backdoors & Breaches gameplay guide
At DASH 2025, we released a Datadog expansion pack of Backdoors & Breaches, a popular incident response card game by Black Hills…
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions
Key points and observations Datadog Security Research discovered three malicious VS Code extensions that target Solidity developers on…