Adobe Commerce Flaw
A serious vulnerability called SessionReaper (CVE-2025-54236) in Adobe Commerce and Magento Open Source could allow attackers to take control of customer accounts through the REST API. Improper input validation and insecure session storage are at the heart of the issue. This flaw is especially risky for online retailers, digital platforms with user logins, and businesses […]
MCP Tool Exploitation in ChatGPT
The rapid adoption of Model Context Protocol (MCP) tools in platforms like ChatGPT has transformed productivity and automation. Yet, as with all emerging technologies, attackers are quick to exploit weaknesses. Recent findings reveal how adversaries leveraged vulnerabilities in MCP interactions with third-party services to exfiltrate sensitive email data-undetected. How the Exploit Worked MCP tools are […]
AI-Powered Malware
A new AI-powered malware strain, EvilAI, has been detected actively evading traditional detection mechanisms by embedding itself within legitimate software tools. This malware leverages advanced AI algorithms to dynamically modify its behavior, making it difficult to identify and mitigate. Why This Matters EvilAI represents a significant evolution in malware design. Unlike traditional threats, it can […]
Salesforce Platforms in Data Theft Attacks
The FBI has raised alarms about two advanced persistent threat groups, UNC6040 and UNC6395, that are actively exploiting Salesforce environments. These groups are using sophisticated tactics to infiltrate organizations, harvest sensitive information, and potentially compromise broader ecosystems that rely on Salesforce for customer relationship management. What the FBI Found Both groups have been observed using […]
Nmap vs. Wireshark
In the realm of network penetration testing, two tools stand out for their distinct capabilities: Nmap and Wireshark. Understanding when and how to use each can significantly enhance the effectiveness of your security assessments. Nmap: The Network Mapper Nmap (Network Mapper) is an open-source tool primarily used for network discovery and security auditing. It excels […]
Samsung Patches Zero-Day
Samsung has released an emergency security patch for a critical zero-day vulnerability (CVE-2025-21043) affecting Android 13 and newer devices. The flaw was actively exploited and reported by Meta/WhatsApp in August, highlighting the growing use of image-based exploits targeting mobile ecosystems. The vulnerability is located in libimagecodec.quram.so, an image parsing library developed by Quramsoft. It is […]
India Becomes Global Malware Target
India has rapidly digitized over the last decade, becoming a hub for digital payments, e-commerce, and online services. That growth has also made it one of the top targets for cybercriminals. A recent report shows India now leads the world in malware attacks, outpacing many other major economies. Attackers are using AI-driven ransomware and phishing […]
Apple Warns Of Spyware Attacks
Apple has raised the alarm about mercenary spyware tools being used to target both individuals and organizations. These threats are developed by private actors and used by governments or criminal groups to stealthily extract sensitive information from devices. Mercenary spyware tools often exploit zero-day vulnerabilities to bypass security controls. Once installed they can access messages, […]
New Malware Exploits
Security researchers have discovered a malware campaign that leverages Microsoft Azure Functions to host its command and control (C2) infrastructure. By abusing a legitimate cloud service, attackers are able to mask their activity, evade traditional security defenses, and maintain persistence within targeted environments. Azure Functions, which allow developers to run lightweight applications without managing servers, […]
NVIDIA NVDebug Tool
Security researchers have uncovered a critical flaw in the NVIDIA NVDebug Tool that could allow attackers to escalate privileges on affected systems. The vulnerability gives threat actors elevated access, enabling them to bypass standard security controls and potentially gain full control of devices. The issue stems from improper privilege handling within the debugging tool, which […]