AMD Zen 5 RDSEED Vulnerability

A newly disclosed vulnerability in AMD’s latest Zen 5 architecture has raised serious concerns about the reliability of hardware-based random number generation – a cornerstone of modern cryptography and secure computing. The Vulnerability: CVE-2025-62626 (AMD-SB-7055). Researchers have identified a flaw in the RDSEED instruction, a critical component responsible for generating cryptographically secure random numbers in […]

Rhysida Uses Fake PuTTY and Teams Ads

A large-scale malvertising campaign is weaponizing sponsored search results to push a stealthy loader called OysterLoader, also tracked as Broomstick and CleanUpLoader. Attackers place convincing ads on Bing that appear in search results and even inside the Windows 11 Start menu, pointing victims to fake download pages that impersonate legitimate tools such as PuTTY, Microsoft […]

WSUS Flaw Demands Your Immediate Attention

A critical remote code-execution vulnerability (CVE-2025-59287) in WSUS has moved from theory to reality: attackers are actively exploiting it in the wild. The flaw allows unauthenticated adversaries to run code with SYSTEM-level privileges on affected servers, opening the door to full network compromise, poisoned updates and lateral attacks. Attack-Chain Summary: Researchers observed exploitation starting as early […]

Open-Source Breach

The Akira ransomware group has claimed responsibility for breaching the infrastructure of the open-source productivity suite Apache OpenOffice, reportedly exfiltrating approximately 23 gigabytes of sensitive operational data. The data alleged to have been stolen includes employee records (addresses, phone numbers, dates of birth, driver’s license numbers, Social Security numbers), financial information, and internal documentation covering […]

126 Malicious npm Packages Discovered

A new supply-chain attack dubbed PhantomRaven is putting developers and enterprises alike at serious risk. Security researchers have identified 126 malicious npm packages, collectively downloaded more than 86,000 times, that are actively stealing npm tokens, GitHub credentials and CI/CD pipeline secrets. What makes this campaign particularly dangerous: the packages appear benign in the npm registry […]

Urgent Advisory from Cybersecurity

The CISA and NSA, alongside international partners from Australia and Canada, have issued an urgent security advisory addressing high-risk vulnerabilities tied to on-premises Windows Server Update Services (WSUS) and Microsoft Exchange Server installations. The alert specifically cites exploitation of CVE-2025-59287, which allows remote code execution via WSUS, as well as configuration gaps in Exchange that […]

New “Brash” Flaw in Chromium’s Blink Engine

Researchers have uncovered a critical architectural vulnerability in Chromium-based browsers that enables attackers to trigger a denial-of-service (DoS) condition within 15 to 60 seconds. The flaw affects the Blink rendering engine and typically exploits the document.title API to flood the main browser thread and disable user interaction. How the Attack Works: The exploit, dubbed Brash, […]

Critical Path Traversal Vulnerability

A serious security flaw has been identified in Docker Compose and tracked as CVE-2025-62725. The vulnerability allows attackers to overwrite arbitrary files on host systems even when developers run ostensibly benign commands like docker compose config or docker compose ps. This isn’t a risk limited to production containers – build pipelines, developer laptops, CI/CD runners […]

Critical Vulnerability in ASP.NET Core

A Must-Patch for Web Applications: Microsoft has published a security advisory addressing a critical flaw (CVE-2025-55315) in its ASP.NET Core framework. The vulnerability, which affects the Kestrel web server component, allows attackers to perform HTTP request smuggling that can bypass security controls, access sensitive data, and potentially escalate privileges. How the Vulnerability Works: The flaw arises […]

Critical Script-Injection Flaw in OpenVPN

A serious vulnerability has been found in early versions of OpenVPN (specifically from 2.7_alpha1 to 2.7_beta1) that impacts Linux, macOS, and other POSIX-based clients. A malicious VPN server could exploit this flaw to execute arbitrary commands on a connecting client device simply by manipulating DNS or DHCP options passed during the VPN session. How It […]