Apple Issues New Spyware Alerts for French Officials and Journalists
Ddos September 12, 2025 Apple occasionally issues spyware attack notifications, publicly disclosing on its website which countries or regions…
CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access
Ddos September 12, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in…
CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks
Ddos September 12, 2025 The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular…
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions
A critical vulnerability in Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to…
MCP vulnerability case study: SQL injection in the Postgres MCP server
Key points and observations We found a SQL injection vulnerability in Anthropic’s reference Postgres MCP server that allowed us to…
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Whitepapers IoT Research min read Vulnerabilities Identified in Dahua Hero C1 Smart Cameras Bitdefender July 30, 2025 Promo Protect all your…
I SPy: Escalating to Entra ID's Global Admin with a first-party app
This research was presented at fwd:cloudsec North America on June 30th, 2025. You can find the talk here. Key points Service principals (SPs)…
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
Update - July 11, 2025: We are making a correction to the Git CLI versions vulnerable to this based on updates to the GitHub advisory around…