Two security researchers, operating under the pseudonyms BobDaHacker and BobTheShoplifter, have claimed to uncover “catastrophic” vulnerabilities in the systems of Restaurant Brands International (RBI)—the parent company of Burger King, Tim Hortons, and Popeyes, which...
A critical vulnerability, CVE-2025-42957, has been identified in SAP S/4HANA, carrying a near-maximum CVSS score of 9.9. The flaw enables users with only minimal privileges to execute arbitrary code, effectively granting them full control...
On August 20, Apple released an unscheduled security update for all major platforms—iOS, iPadOS, macOS, and others. The patch addresses CVE-2025-43300, a buffer overflow vulnerability in the ImageIO framework, by enforcing stricter boundary checks...
PortSwigger researcher Gareth Heyes has unveiled a novel technique for stealing data directly from HTML attributes using inline CSS, without relying on selectors or external style sheets. The discovery was made possible by the...
Security researcher Matthew Bryant has introduced a new tool called Thermoptic—an HTTP proxy that disguises network requests as genuine Chrome browser traffic, enabling users to circumvent blocking systems based on connection fingerprint analysis. Such...
The Seqrite Labs APT-Team has uncovered a new campaign targeting Kazakhstan’s energy sector. Tracked since April 2025, the operation has been attributed to a previously unknown group, now dubbed NoisyBear. Its primary victim was...
Andrew Ferguson, Chairman of the U.S. Federal Trade Commission (FTC), sent a letter to Google CEO Sundar Pichai accusing Gmail of disproportionately filtering emails from Republican fundraising organizations into spam compared to similar Democratic...
The GhostAction attack stands as one of the most significant compromises of the GitHub ecosystem in recent years. Researchers at GitGuardian uncovered a sweeping campaign in which threat actors injected malicious workflow files into...
At the end of August, Canadian fintech company Wealthsimple reported a security incident that affected a small fraction of its clientele. According to the firm, on August 30 it detected the compromise of a...
Experts at eSentire have reported the discovery of a new botnet known as NightshadeC2, which employs unconventional techniques to evade defenses and sandbox environments. The malware is distributed through counterfeit versions of legitimate programs—such...