A crucial point has been reached in the conflict between personal privacy and governmental monitoring in a time when digital communication is essential. Governments worldwide […]
New Safari XSS Vulnerability Exploits JavaScript Error Handling to Run Arbitrary Code
Cross-site scripting (XSS) remains one of the most persistent threats in web security, but most discussions focus on traditional vectors. A lesser-known but intriguing avenue […]
Cisco Wireless LAN Controllers under threat again after critical exploit details go public
The heat is back on Wireless LAN Controllers (WLCs) running Cisco IOS XE after technical details of a recently disclosed max-severity exploit were made public. […]
CISA Alerts on ConnectWise ScreenConnect Authentication Vulnerability Actively Exploited
A critical improper authentication vulnerability has been discovered in ConnectWise ScreenConnect, tracked as CVE-2025-3935 and mapped to CWE-287 (Improper Authentication). This flaw affects all ScreenConnect […]
Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling […]
New Research Uncovers Strengths and Vulnerabilities in Cloud-Based LLM Guardrails
Cybersecurity researchers have shed light on the intricate balance of strengths and vulnerabilities inherent in cloud-based Large Language Model (LLM) guardrails. These safety mechanisms, designed […]
Hackers Abuse AI Tool Misconfigurations to Execute Malicious AI-Generated Payloads
A malicious threat actor has exploited a misconfigured instance of Open WebUI, a widely-used self-hosted AI interface with over 95,000 stars on GitHub, designed to […]
Beware: Fake Booking.com Sites Spread AsyncRAT Malware to Infect Devices
Cybercriminals have launched a devious campaign targeting users of gaming sites, social media platforms, and even sponsored ads by redirecting links to counterfeit Booking.com websites. […]
Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript
Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The […]
The high cost of misconfigured DevOps: Global cryptojacking hits enterprises
A massive ongoing cryptojacking operation is actively exploiting misconfigured DevOps tools, including Nomad, Consul, Docker, and Gitea, to hijack computing power for cryptocurrency mining, Wiz […]