Security researchers from Kaspersky Lab discovered a weakness in Microsoft Windows that can allow an attacker to take full control of a computer in just a few minutes. This highestRead More →
Let’s start away walk through a realistic vulnerability discovery scenario using W1nZ1p (we have changed the name to avoid any claims) as the example. The objective here is not exploitationRead More →
SquareX Labs demonstrates a practical, low-friction attack class — AI Sidebar Spoofing — where a malicious browser extension or attacker-controlled page injects a visually identical, writable AI sidebar into theRead More →
In a bold move to counter the growing number of open-source software supply chain attacks, Google has launched OSS Rebuild, a program designed to automatically rebuild OSS packages in isolatedRead More →
Citrix has disclosed two high-impact vulnerabilities—CVE-2025-5777 (dubbed CitrixBleed 2) and CVE-2025-5349—affecting NetScaler ADC and Gateway appliances. These flaws, particularly CitrixBleed 2, enable unauthenticated attackers to extract sensitive session data directlyRead More →
A newly disclosed vulnerability in WinRAR, the widely used Windows file compression utility, has sparked serious concern in the cybersecurity community due to its ability to bypass Microsoft’s “Mark ofRead More →
A newly disclosed vulnerability dubbed ImageRunner, uncovered by Tenable Research, exposed a subtle yet powerful privilege escalation pathway in Google Cloud Platform’s Cloud Run service. The vulnerability, now patched byRead More →
In a critical security disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Food and Drug Administration (FDA) have warned healthcare providers and cybersecurity professionals about a high-riskRead More →
In December 2024, Arctic Wolf Labs uncovered a targeted campaign exploiting Fortinet FortiGate firewalls via publicly exposed management interfaces. This campaign enabled threat actors to gain unauthorized access, alter configurations,Read More →
MediaTek’s January 2025 Product Security Bulletin has highlighted a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2024-20154, which affects millions of devices using MediaTek chipsets. This vulnerability is presentRead More →
The LDAPNightmare Proof-of-Concept (PoC) exploit, leveraging the critical vulnerability CVE-2024-49113, has brought to light serious weaknesses in Windows Server environments. This vulnerability targets the Local Security Authority Subsystem Service (LSASS),Read More →
Palo Alto Networks has released a critical security patch to address a recently identified vulnerability in its PAN-OS operating system, widely used in its firewall and network security appliances. TheRead More →
Sophos, a global leader in cybersecurity, has disclosed three critical vulnerabilities in its Sophos Firewall product, warning that these flaws could be exploited by remote, unauthenticated threat actors to compromiseRead More →
A critical vulnerability, identified as CVE-2024-0132, has been discovered in NVIDIA’s AI infrastructure, affecting over 35% of cloud environments utilizing NVIDIA GPUs. This vulnerability targets the NVIDIA Container Toolkit andRead More →
The Blast-RADIUS vulnerability represents a critical flaw in the RADIUS (Remote Authentication Dial-In User Service) protocol, which has been a cornerstone of network security for over three decades. Discovered recently,Read More →
A new critical vulnerability, identified as CVE-2024-6387, has been discovered in OpenSSH. This flaw involves a signal handler race condition that can potentially be exploited by attackers to gain unauthorizedRead More →
A significant security flaw, identified as CVE-2023-49606, has been reported by Cisco Talos in the widely used Tinyproxy software. This vulnerability, stemming from improper handling of HTTP Connection headers, exposesRead More →
The cybersecurity community has recently been abuzz with discussions surrounding CVE-2024-3400, a critical vulnerability affecting Palo Alto Networks’ PAN-OS, used in their popular firewall products. This vulnerability has seen aRead More →
In a recent study conducted by SafeBreach Labs, a security research team has uncovered a trio of vulnerabilities stemming from a longstanding issue within the DOS-to-NT path conversion process usedRead More →
CVE-2024-31497 has emerged as a critical security flaw affecting PuTTY, a widely used SSH and Telnet client, from versions 0.68 through 0.80, all of which are now confirmed to haveRead More →
