Why API security is different (and why it matters)
Two months in at Detectify and I’ve realized something: API security is a completely different game from web application security. And honestly? I think a…
Month: October 2025
Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution
Ivanti has disclosed 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could enable remote code execution and privilege escalation, urging…
Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges…
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
Oct 14, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering…
Nexperia Faces Dutch Intervention Amid Security Concerns
The Dutch government has invoked the Goods Availability Act (Wet Beschikbaarheid Goederen) to assert control over decisions made by Chinese-owned semiconductor firm Nexperia, citing risks…
Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884 Pierluigi Paganini October 14, 2025 Oracle issued an emergency security update to…
New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux…
Threat Actors Exploit ScreenConnect to Gain Unauthorized Remote Access
A recent surge in threat actors leveraging remote management and monitoring (RMM) tools for initial access has intensified scrutiny of platforms once reserved for legitimate…
Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack
Luxembourg, Luxembourg, October 14th, 2025, CyberNewsWire Surge in scale and sophistication highlights rising threats to tech and digital infrastructure Gcore, the global edge AI, cloud,…
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Oct 14, 2025Ravie LakshmananMalware / Typosquatting Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control…
Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands
Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate…
Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
Ivanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven…