Open-Source Breach

The Akira ransomware group has claimed responsibility for breaching the infrastructure of the open-source productivity suite Apache OpenOffice, reportedly exfiltrating approximately 23 gigabytes of sensitive operational data. The data alleged to have been stolen includes employee records (addresses, phone numbers, dates of birth, driver’s license numbers, Social Security numbers), financial information, and internal documentation covering […]

126 Malicious npm Packages Discovered

A new supply-chain attack dubbed PhantomRaven is putting developers and enterprises alike at serious risk. Security researchers have identified 126 malicious npm packages, collectively downloaded more than 86,000 times, that are actively stealing npm tokens, GitHub credentials and CI/CD pipeline secrets. What makes this campaign particularly dangerous: the packages appear benign in the npm registry […]

Urgent Advisory from Cybersecurity

CISA and the NSA, alongside international partners from Australia and Canada, have issued an urgent security advisory addressing high-risk vulnerabilities tied to on-premises Windows Server Update Services (WSUS) and Microsoft Exchange Server installations. The alert specifically cites exploitation of CVE‑2025‑59287, which allows remote code execution via WSUS, as well as configuration gaps in Exchange that […]

New “Brash” Flaw in Chromium’s Blink Engine

Researchers have uncovered a critical architectural vulnerability in Chromium-based browsers that enables attackers to trigger a denial-of-service (DoS) condition within 15 to 60 seconds. The flaw affects the Blink rendering engine and typically exploits the document.title API to flood the main browser thread and disable user interaction. How the Attack Works: The exploit, dubbed Brash, […]

Critical Path Traversal Vulnerability

A serious security flaw has been identified in Docker Compose and tracked as CVE‑2025‑62725. The vulnerability allows attackers to overwrite arbitrary files on host systems even when developers run ostensibly benign commands like docker compose config or docker compose ps. This isn’t a risk limited to production containers – build pipelines, developer laptops, CI/CD runners […]

Critical Vulnerability in ASP.NET Core

A Must-Patch for Web Applications: Microsoft has published a security advisory addressing a critical flaw (CVE‑2025‑55315) in its ASP.NET Core framework. The vulnerability, which affects the Kestrel web server component, allows attackers to perform HTTP request smuggling that can bypass security controls, access sensitive data, and potentially escalate privileges. How the Vulnerability Works: The flaw arises […]

Critical Script-Injection Flaw in OpenVPN

A serious vulnerability has been found in early versions of OpenVPN (specifically from 2.7_alpha1 to 2.7_beta1) that impacts Linux, macOS, and other POSIX-based clients. A malicious VPN server could exploit this flaw to execute arbitrary commands on a connecting client device simply by manipulating DNS or DHCP options passed during the VPN session. How It […]

Critical Flaws in Veeder‑Root TLS4B Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious advisory regarding two critical vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge (ATG) system, widely used in fuel-storage and monitoring operations. These flaws present a major threat to operational technology (OT) environments, especially within the energy and utilities sectors where availability, integrity and safety are […]

BreachForums Rising

The notorious cybercrime forum BreachForums has re-emerged on a clearnet domain, making it accessible without specialized tools like Tor. Originally taken offline following multiple law-enforcement actions, the platform once again enables the trading of stolen credentials, ransomware discussions, and zero-day exploit exchanges. What’s happened: The forum’s administrator (alias “koko”) announced that the site was restored […]

Critical Flaws in Dell Storage Manager

Dell Technologies has disclosed multiple high-severity vulnerabilities in its Storage Manager (DSM) software, affecting versions 20.1.21 and earlier. These flaws include an authentication bypass, missing authentication, and an XML external entity (XXE) issue, together exposing storage environments to full compromise if left unpatched. Vulnerability Highlights: CVE-2025-43995 (CVSS 9.8) – Improper authentication in the DSM Data […]