Kaspersky is warning LLM users of a new malicious campaign distributing a previously unknown malware, dubbed “BrowserVenom,” through a fake DeepSeek-R1 environment installer. According to […]
Command Injection Flaw in Palo Alto PAN-OS Allows Root-Level Code Execution
A newly disclosed command injection vulnerability (CVE-2025-4230) in Palo Alto Networks PAN-OS software enables authenticated administrators to bypass restrictions and execute arbitrary commands with root […]
Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions
Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web interface of its PAN-OS operating […]
Non-Human Identities: How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world […]
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from […]
.png)
Trend Micro Apex One Zero-Day Vulnerability Enables Attackers to Inject Malicious Code
Trend Micro has issued an urgent security bulletin addressing five critical vulnerabilities in its Apex One endpoint security platform that could allow attackers to execute […]
FIN6 exploits HR workflows to breach corporate defenses
The financially motivated cybercrime group FIN6, also known as Skeleton Spider, is targeting human resources professionals with an elaborate social engineering scheme that uses fake […]
Cybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking Forums
Cybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor […]
New Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account Takeover
Proofpoint Threat Intelligence has uncovered a large-scale Account Takeover (ATO) campaign, internally tracked as UNK_SneakyStrike, that leverages the open-source penetration testing framework TeamFiltration to target […]
Hackers Launch Coordinated Attack on Apache Tomcat Manager from 400 Unique IPs
Cybersecurity researchers at GreyNoise Intelligence have identified a significant coordinated attack campaign targeting Apache Tomcat Manager interfaces across the globe. On June 5, 2025, the […]