A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway. This flaw, rated as important, could […]
Malicious SEO Plugins on WordPress Can Lead to Site Takeover
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated […]
Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence
Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at […]
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s research reveals that Browser AI […]
Critical HIKVISION applyCT Flaw Allows Remote Code Execution
A newly disclosed vulnerability, tracked as CVE-2025-34067, has been identified in HIKVISION’s widely deployed security management platform, applyCT (also known as HikCentral).  This critical flaw allows […]
Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence
Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity […]
Writable File in Lenovo Path Lets Attackers Evade AppLocker Restrictions
A security researcher has uncovered a significant vulnerability affecting Lenovo computers: a writable file within the Windows directory that can be exploited to bypass AppLocker […]
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed […]
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and <15.1.8, allowed […]
Kritische Schwachstelle in Cisco Unified CM entdeckt
Bereits zum zweiten Mal in einer Woche muss Cisco eine Schwachstelle mit höchsten Schweregrad melden. JarTee – shutterstock.com Cisco meldete kürzlich eine Schwachstelle mit höchster […]