Nearly a year after the announcement of the OpenWrt One router, the community has finally received the long-awaited patches that make the device fully compatible with the mainline Linux kernel. OpenWrt One is the...
Microsoft has patched a critical vulnerability in the Kestrel web server for ASP.NET Core, tracked as CVE-2025-55315. Classified as an HTTP Request Smuggling flaw, it enables an authenticated attacker to “inject” additional requests into...
A North Korean–linked group has, for the first time, adopted EtherHiding — a technique that conceals malicious code inside smart contracts on public blockchains and swaps payloads on the fly. Google’s Threat Intelligence Team...
The Wine project has announced the release of its new experimental version 10.17, dated October 17, 2025. Wine enables users to run Windows applications and games on Linux, macOS, and BSD, and this update...
burpgpt burpgpt leverages the power of AI to detect security vulnerabilities that traditional scanners might miss. It sends web traffic to an OpenAI model specified by the user, enabling sophisticated analysis within the passive scanner. This...
In October 2025, researchers at Kaspersky Lab uncovered a malicious package on the popular npm registry named https-proxy-utils, masquerading as a legitimate proxy utility. The trojanized module was engineered to deploy AdaptixC2 on compromised...
Microsoft has begun testing a new Copilot Actions feature in Windows 11. This experimental mode, available to Windows Insider participants in Copilot Labs, enables artificial intelligence to perform operations with local files and applications....
Researchers at VUSec have unveiled Training Solo, a study that calls into question the very foundations of defenses against Spectre-v2 attacks. Where isolation of prediction domains was long believed to eliminate the possibility of...
Gladinet has released a security update for its enterprise CentreStack solution that remedies a local file inclusion (LFI) vulnerability, CVE-2025-11371 (CVSS 6.2). Attackers have been actively exploiting this flaw as a zero-day since late...
Microsoft has revoked more than two hundred digital certificates that had been exploited in attacks involving the Rhysida ransomware. These signatures were used to distribute malicious builds disguised as legitimate Microsoft Teams installers, within...
An advertisement has surfaced on the dark web offering three terabytes of data allegedly stolen from two major Russian SMS aggregators. The individual behind the post, using the pseudonym ByteToBreach, claims that the leak...
In recent weeks, a surge of phishing campaigns has emerged in which attackers impersonate popular password managers — LastPass, Bitwarden, and 1Password. Their objective is to deceive users into revealing their master password, the...
