Threat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. […]
Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers
Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, […]
Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections
A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive […]
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked […]
New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in […]
![5 Threats That Reshaped Web Security This Year [2025]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ51hMVtHfFQ2O7pCZYfK5WkypXg1Qury_AA_VudY5f_n7u8S8M4UJAy76w7DM1aBq1faDyuaOO4VJP7bIj1L1-AgNzZjQf0-kZlhU6kH-G4qDMkZFF_7YsL3v5R6d9PkpJcTegD7H01BySWNNs-m5toA_DTqVSVs-sCeLm5n1zJuLzs1_erWdl8asq4k/s1600/reflectiz.jpg)
5 Threats That Reshaped Web Security This Year [2025]
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving […]
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These […]
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, […]
Submarine cable cybersecurity: protecting critical infrastructure
Between 95 and 99% of the world’s data traffic travels through submarine cables. An extensive network of more than 1.3 million kilometers, which travels across […]
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, […]