Critical Vulnerability in Salesforce AgentForce Exposed
A critical vulnerability chain in Salesforce's AI-powered AgentForce platform has been discovered by cybersecurity researchers. The flaw,…
Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by…
Cisco warns of IOS zero-day vulnerability exploited in attacks
Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being…
iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks
Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit…
CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk
DNN Software has issued a security advisory warning of a critical stored cross-site scripting (XSS) vulnerability in its Prompt module,…
CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw affecting Lectora, a…
JWT Warfare: Obfuscation, Cracking, and Red Team Exploits | Cyber Codex
What is JWT?JWT (JSON Web Token) is a compact, URL-safe method of representing claims between two parties. It is used mostly in stateless…
How LLMs can be compromised in 2025 | Kaspersky official blog
Developers of LLM-powered public services and business applications are working hard to ensure the security of their products, but the…
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)
The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable…
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a…
SAP Issues Critical Security Patch for NetWeaver and Other Products, Warns of CVE-2025-42944
SAP has released a new security update addressing a broad range of vulnerabilities across its product ecosystem. Among the most alarming is a…
High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of two critical local security flaws affecting Sunshine for…
GitLab Urges Immediate Update for Two High-Severity Flaws
GitLab has released new versions of its Community and Enterprise Editions to address several security vulnerabilities, including two critical…
Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace
Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. Kosovar…
Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS
Zoom released a security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows…
SAP Security Patch Day September 2025 – 21 Vulnerabilities and 4 Critical One’s Patched
As part of its scheduled security maintenance, SAP released its September 2025 Patch Day notes, addressing a total of 21 new vulnerabilities…
SAP Patch Tuesday: Key Vulnerabilities in September 2025
The September 2025 SAP Patch Tuesday brings a critical batch of security updates addressing a diverse portfolio of vulnerabilities across…
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams,…
Vulnerabilities in OpenSolution QuickCMS software
CVE ID CVE-2025-54540 Publication date 28 August 2025 Vendor OpenSolution Product QuickCMS Vulnerable versions 6.8 Vulnerability type (CWE)…
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot…
IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript
A stored cross-site scripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as…
Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage,…