F5 Fixes HTTP/2 Vulnerability Enabling Massive DoS Attacks
F5 Networks has disclosed a new HTTP/2 vulnerability affecting multiple BIG-IP products that could allow remote attackers to launch denial-of-service attacks against corporate networks. The…
Month: August 2025
Google Awards $250,000 Bounty for Chrome RCE Vulnerability Discovery
Google has awarded a record-breaking $250,000 bounty to security researcher “Micky” for discovering a critical remote code execution vulnerability in Chrome’s browser architecture. The vulnerability…
PoC Released for Fortinet FortiSIEM Command Injection Flaw
Security researchers have uncovered a severe pre-authentication command injection vulnerability in Fortinet’s FortiSIEM platform that allows attackers to completely compromise enterprise security monitoring systems without…
Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code
A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems. The vulnerability, tracked as CVE-2025-53772,…
Winning the Breach Intelligence Race: How CISOs Can Stay Ahead of Threats Using Public Data
Introduction In today’s fast-evolving threat landscape, traditional breach detection systems often fall short in providing early warnings. CISOs are under pressure to not only respond…
New Gmail Phishing Attack With Weaponized Login Flow Steals Login Credentials
A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login…
“Serial Hacker” Sentenced to 20 Months in UK Prison
Rotherham hacker Al-Tahery Al-Mashriky jailed for 20 months after global cyberattacks, stealing millions of logins and targeting government websites. When police knocked on the door…
Multiple ImageMagick Vulnerabilities Cause Memory Corruption and Integer Overflows
Security researchers have uncovered four serious vulnerabilities in ImageMagick, one of the world’s most widely used open-source image processing software suites, potentially exposing millions of…
Why Certification is Critical for Securing the Future of eSIM and IoT Connectivity
The Internet of Things (IoT) has evolved from a visionary concept into a global reality. With over 38 billion connected devices projected by 20301, the…
Hackers Mimic IT Teams to Exploit Microsoft Teams Request to Gain System Remote Access
A sophisticated social engineering campaign by the EncryptHub threat group that combines impersonation tactics with technical exploitation to compromise corporate networks. The Russian-linked cybercriminals are…
Threat Actors Abuse npm Developer Accounts Hijacked to Spread Malicious Packages
A sophisticated phishing campaign targeting the maintainer of eslint-config-prettier, a widely-used npm package with over 3.5 billion downloads, resulted in malicious code being distributed to…
Scammers Compromised by Own Malware, Expose $4.67M Operation
CloudSEK uncovered a Pakistan-based family cybercrime network that spread infostealers via pirated software, netting $4.67M and millions of victims. The operation’s secrets were revealed when…