Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down […]
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked […]
New ransomware ‘Charon’ uses DLL sideloading to breach critical infrastructure
Trend Micro has identified a new ransomware strain, Charon, which is being deployed in highly targeted attacks against aviation and public sector entities in the […]
GitHub Copilot RCE Vulnerability via Prompt Injection Enables Full System Compromise
A critical security vulnerability in GitHub Copilot has been disclosed, allowing attackers to achieve remote code execution and complete system compromise through sophisticated prompt injection […]
‘Curly COMrades’ APT Hackers Target Critical Organizations Across Multiple Countries
Bitdefender Labs has identified a sophisticated advanced persistent threat (APT) group dubbed “Curly COMrades,” active since mid-2024, targeting critical infrastructure in geopolitically sensitive regions. This […]
Windows Remote Desktop Services Flaw Allows Network-Based Denial-of-Service Attacks
Microsoft disclosed a critical vulnerability in Windows Remote Desktop Services on August 12, 2025, that enables attackers to launch denial-of-service attacks remotely without requiring authentication […]
Microsoft Exchange Server Flaws Allow Network-Based Spoofing and Data Tampering
Microsoft has disclosed critical security vulnerabilities in Exchange Server that could enable attackers to conduct network-based spoofing attacks and tamper with sensitive data, according to […]
Hackers exploit unpatched Erlang/OTP to crack OT firewalls
A max-severity remote code execution (RCE) issue affecting the SSH daemon (sshd) of Erlang’s Open Telecom Platform (OTP) was exploited by attackers in the wild, […]
Microsoft Office Vulnerabilities Allow Attackers to Execute Remote Code
Microsoft has disclosed three critical security vulnerabilities in its Office suite that could enable attackers to execute malicious code remotely on affected systems. The vulnerabilities, […]
Multiple GitLab Vulnerabilities Allow Account Takeover and Stored XSS Attacks
GitLab has released critical security patches addressing multiple high-severity vulnerabilities that could enable attackers to execute account takeovers and stored cross-site scripting (XSS) attacks across […]