Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week's Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The…
Unpatched flaw in OnePlus phones lets rogue apps text messages
A vulnerability in multiple versions of OxygenOS, the Android-based operating system from OnePlus, allows any installed app to access SMS data…
OnePlus leaves researchers on read over Android bug that exposes texts
Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS…
CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild
Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security Gateway…
OpenAI’s New Grove Incubator Is Building the Next Generation of AI Startups
OpenAI recently unveiled its internal incubation initiative, OpenAI Grove. Unlike traditional startup accelerators or incubator programs,…
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a…
Adobe Releases Emergency Patch for Critical Flaw in Commerce and Magento
Threat researchers from the Sansec Forensics Team have warned about a critical vulnerability in Adobe Commerce and Magento, an open-source…
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow…
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call…
Magento and Adobe SessionReaper Vulnerability Exposes Thousands Of Online Stores to Attacks
Adobe has issued an emergency security patch for a critical vulnerability in its Magento and Adobe Commerce platforms, dubbed…
Vulnerability in SMSEagle devices
CVE ID CVE-2025-10095 Publication date 09 September 2025 Vendor Proximus sp. z o.o. Product SMSEagle Vulnerable versions All before 6.11…
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to…
CVE-2024-58259: DoS Flaw in Rancher Manager Allows Unauthenticated Attackers to Crash Servers
Ddos September 1, 2025 The SUSE Rancher Security Team has issued a security advisory addressing a high-severity vulnerability in Rancher…
QNAP Patches Critical Flaw (CVE-2025-52856) with CVSS 9.3
Ddos August 29, 2025 QNAP has released a security advisory addressing multiple vulnerabilities affecting the QVR firmware on legacy VioStor…
NodeBB Vulnerability Let Attackers Inject Boolean-Based Blind and PostgreSQL Error-Based Payloads
NodeBB, a popular open-source forum platform, has been found vulnerable to a critical SQL injection flaw in version 4.3.0. The flaw,…
Ten Years of Resilience, Innovation & Community-Driven Defense
The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security…
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions
A critical vulnerability in Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to…
Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage,…
Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation
The term “In the Wild” is broadly used to refer to any activity that has been observed outside of a controlled environment.…