A critical flaw within the File Transfer Protocol (FTP) implementation an antiquated mechanism for transmitting data between computers has resided in the Squid proxy server for nearly 29 years. This severe defect enables unauthorized...
A single corrupted video file can sometimes be dangerous even before execution. The new PixelSmash vulnerability in FFmpeg vividly demonstrates this severe threat. Routine video processing can easily cascade into a complete server crash...
AI assistants have become a normal tool for debugging lately. Yet even an ordinary crash report can turn into a command that runs someone else’s code on your machine. Tenet Threat Labs has shown...
Attackers injected malicious JavaScript into Okendo Reviews, a product review widget used by more than 18,000 brands. The compromised script loaded on store pages. After a few checks, it could show visitors a fake...
Trust in a familiar sender keeps turning into a weak point. A new campaign against WhatsApp users builds on exactly that bet. The attackers send malicious files from already-hijacked accounts. They disguise the attachments...
The longer an electronics supply chain grows, the harder it gets to keep trade secrets inside factory walls. India’s Tata Electronics has now confirmed a recent cyber incident. The confirmation followed reports that files...
Sometimes a leak starts not with a hacked admin panel, but with an open service request. Attackers are using exactly that method against WordPress sites that run the Gravity SMTP plugin. The vulnerability, tracked...
At a Glance Field Detail Malware family Prinz Eugen (Go-based ransomware, .prinzeugen extension) Threat actor Prinz Eugen group; linked to the operator handle ROOTBOY (suspected) Victims At least five organizations, including Standard Bank Group...
Malware Family: AryStinger Threat Actor: Unknown (Suspected) Victims: Over 4,000 legacy D-Link routers and NAS systems Delivery Vector: Exploitation of older CVEs Key Capabilities: Traffic proxying, distributed scanning, DNS hijacking Source: XLab (Qianxin) Over...
Generative AI as a Criminal Commodity Cybercriminals increasingly integrate artificial intelligence into traditional attack strategies. However, they frequently exploit this novel technology as a lucrative commodity. Recently, researchers investigated various illicit forums and dark...
Even services built for private conversation sometimes betray themselves. The giveaway is not the content of the messages. Instead, it is the ordinary network infrastructure behind them. Analysts at Covert Security found that the...
F5 has issued an unscheduled security advisory for several products tied to NGINX and BIG-IP. The company detailed six NGINX vulnerabilities in total. Some earned a high severity rating, and F5 has already fixed...
GitHub has filled up with fake repositories. They disguise themselves as ordinary developer projects. In reality, they push Trojans through links to ZIP archives. A developer using the alias Orchid uncovered the large campaign....
Attackers have already begun abusing a critical Splunk Enterprise vulnerability. Meanwhile, hundreds of open instances of the product remain reachable on the internet. So the window to patch is closing fast. What Is CVE-2026-20253?...
The Linux kernel has finally settled an old debt. After years of effort, the Linux strncpy removal is complete in version 7.2. The strncpy API is now gone from the source tree. For decades,...
