A critical vulnerability, CVE-2025-42957, has been identified in SAP S/4HANA, carrying a near-maximum CVSS score of 9.9. The flaw enables users with only minimal privileges to execute arbitrary code, effectively granting them full control...
On August 20, Apple released an unscheduled security update for all major platforms—iOS, iPadOS, macOS, and others. The patch addresses CVE-2025-43300, a buffer overflow vulnerability in the ImageIO framework, by enforcing stricter boundary checks...
PortSwigger researcher Gareth Hayes has unveiled a novel technique for stealing data directly from HTML attributes using inline CSS, without relying on selectors or external style sheets. The discovery was made possible by the...
The Seqrite Labs APT-Team has uncovered a new campaign targeting Kazakhstan’s energy sector. Tracked since April 2025, the operation has been attributed to a previously unknown group, now dubbed NoisyBear. Its primary victim was...
The GhostAction attack stands as one of the most significant compromises of the GitHub ecosystem in recent years. Researchers at GitGuardian uncovered a sweeping campaign in which threat actors injected malicious workflow files into...
At the end of August, Canadian fintech company Wealthsimple reported a security incident that affected a small fraction of its clientele. According to the firm, on August 30 it detected the compromise of a...
Experts at eSentire have reported the discovery of a new botnet known as NightshadeC2, which employs unconventional techniques to evade defenses and sandbox environments. The malware is distributed through counterfeit versions of legitimate programs—such...
The threat group TAG-150, which researchers associate with the development of the CastleLoader malware, has expanded its arsenal with a new remote access trojan (RAT) known as CastleRAT. The discovery was reported by Recorded...
The hacking scene has once again made headlines with a provocative declaration. A Telegram channel carried a message from a group styling itself as “Scattered LapSus Hunters.” They claim to have gained access to...
The arrest of the alleged administrator of the Russian-speaking forum XSS[.]is, known under the alias Toha, has become a critical inflection point for the entire underground market. According to law enforcement, on July 22,...
Researchers at Eclypsium have recorded a sharp increase in scanning activity targeting outdated and long-abandoned network equipment. The chief danger lies in the fact that many of these attacks are being launched from already-compromised...
Artificial intelligence systems have often been criticized for producing convoluted vulnerability reports and overwhelming open-source developers with irrelevant complaints. Yet researchers from Nanjing University and the University of Sydney have presented a striking counterexample:...
