Microsoft has announced sweeping enhancements to its vulnerability rewards program for the .NET platform, significantly broadening its scope and increasing compensation for valid discoveries. Security researchers can now earn up to $40,000 for critical...
A critical vulnerability has been discovered in the Cursor source code editor, an AI-powered tool designed to assist programmers. The flaw, identified as CVE-2025-54135 and dubbed CurXecute, affects nearly all versions of the IDE...
In the autumn of 2024, the InfoSect bug hunting team prepared a remote code execution attack targeting the Synology TC500 IP camera for entry in the Pwn2Own Ireland competition. The exploitation hinged on a...
A critical vulnerability has been discovered in the widely used WordPress theme “Alone — Charity Multipurpose Non-profit”, which is already being exploited by malicious actors to compromise websites. Tracked as CVE-2025-5394, the flaw has...
Researchers at Bitdefender have disclosed two critical vulnerabilities in the firmware of Dahua smart surveillance cameras. These flaws, rooted in the ONVIF protocol implementation and the file upload mechanism, enable attackers to gain full...
Cybersecurity experts have identified more than a dozen critical vulnerabilities within the Niagara Framework—a platform developed by Tridium, a subsidiary of Honeywell. This technology is extensively deployed in the automation and management of smart...
A critical vulnerability has been discovered in Google’s newly released command-line interface tool, Gemini CLI, which could allow attackers to covertly execute malicious commands and exfiltrate data from developers’ machines—provided certain commands are permitted...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in the widely used print management software, PaperCut NG and MF. The flaw,...
Smart devices within a network are no longer mere assistants — they are potential adversaries. With every internet-connected thermostat or television, a new fissure emerges in the digital infrastructure. This truth is underscored by...
At the inaugural DistrictCon Junkyard competition, analysts from Trail of Bits vividly demonstrated the grave risks posed by outdated networking devices left without updates. During the event, they remotely compromised two discontinued products—the Netgear...
Researchers have uncovered a stealthy backdoor within WordPress, cunningly disguised as a system file within the mu-plugins directory—a special location designated for must-use plugins. This strategic placement enables threat actors to establish a persistent...
Recently uncovered critical vulnerabilities in Cisco’s infrastructure are already being actively exploited by malicious actors to compromise corporate networks. The company has officially confirmed that its Product Security Incident Response Team (PSIRT) has observed...
AI-powered programming tools are rapidly gaining popularity, and one of the most prominent—Cursor—has introduced a new YOLO mode (short for “you only live once”) that enables its agent to execute complex sequences of actions...
Hackers have successfully injected malicious code into popular npm packages by leveraging a phishing campaign against project maintainers. The attackers orchestrated a targeted campaign aimed at developers stewarding key projects and managed to steal...
A critical vulnerability has been discovered in Microsoft SharePoint Server, now actively exploited as part of a widespread cyberattack campaign. The flaw, identified as CVE-2025-53770, carries a staggering severity score of 9.8 out of...
Four vulnerabilities within the Bluetooth stack BlueSDK, developed by OpenSynergy and collectively named PerfektBlue, pose a serious security threat to millions of vehicles. These flaws allow remote code execution on targeted devices and potentially...