New “Brash” Flaw in Chromium’s Blink Engine

Researchers have uncovered a critical architectural vulnerability in Chromium-based browsers that enables attackers to trigger a denial-of-service (DoS) condition within 15 to 60 seconds. The flaw affects the Blink rendering engine and is typically triggered by abusing the document.title API to flood the main browser thread and lock up user interaction. How the Attack Works: The exploit, dubbed Brash, […]

Critical Path Traversal Vulnerability

A serious security flaw has been identified in Docker Compose and tracked as CVE‑2025‑62725. The vulnerability allows attackers to overwrite arbitrary files on host systems even when developers run ostensibly benign commands like docker compose config or docker compose ps. This isn’t a risk limited to production containers – build pipelines, developer laptops, CI/CD runners […]

Critical Vulnerability in ASP.NET Core

A Must-Patch for Web Applications. Microsoft has published a security advisory addressing a critical flaw (CVE‑2025‑55315) in its ASP.NET Core framework. The vulnerability, which affects the Kestrel web server component, allows attackers to perform HTTP request smuggling that can bypass security controls, access sensitive data, and potentially escalate privileges. How the Vulnerability Works: The flaw arises […]

Critical Script-Injection Flaw in OpenVPN

A serious vulnerability has been found in pre-release versions of OpenVPN 2.7 (specifically 2.7_alpha1 through 2.7_beta1) that impacts Linux, macOS, and other POSIX-based clients. A malicious VPN server could exploit this flaw to execute arbitrary commands on a connecting client device simply by manipulating DNS or DHCP options passed during the VPN session. How It […]

Critical Flaws in Veeder‑Root TLS4B Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious advisory regarding two critical vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge (ATG) system, widely used in fuel-storage and monitoring operations. These flaws present a major threat to operational technology (OT) environments, especially within the energy and utilities sectors where availability, integrity and safety are […]

BreachForums Rising

The notorious cybercrime forum BreachForums has re-emerged on a clearnet domain, making it accessible without specialized tools like Tor. Originally taken offline following multiple law-enforcement actions, the platform once again enables the trading of stolen credentials, ransomware discussions, and zero-day exploit exchanges. What’s happened: The forum’s administrator (alias “koko”) announced that the site was restored […]

Critical Flaws in Dell Storage Manager

Dell Technologies has disclosed multiple high-severity vulnerabilities in its Storage Manager (DSM) software, affecting versions 20.1.21 and earlier. These flaws include an authentication bypass, missing authentication, and an XML external entity (XXE) issue, which together expose storage environments to full compromise if left unpatched. Vulnerability Highlights: CVE-2025-43995 (CVSS 9.8) – Improper authentication in the DSM Data […]

ChatGPT Atlas Vulnerability

A new security concern has surfaced around ChatGPT Atlas, a macOS browser that enables access to OpenAI’s ChatGPT models. Researchers have revealed that OAuth tokens, used for authenticating users, were stored in plain text inside a local SQLite database. This flaw could allow attackers or malicious local processes to hijack user accounts and access private conversations, API […]

WhatsApp Zero-Click Flaw

At Pwn2Own Ireland 2025, researchers discovered a potential zero-click remote code execution vulnerability affecting WhatsApp. The research team chose to withdraw their on-stage demonstration and instead privately disclose the issue to Meta through a coordinated process designed to give the vendor time to investigate and patch. The decision prioritizes responsible disclosure and reduces the chance […]

Jira Software Vulnerability

A high-severity path traversal vulnerability (CVE‑2025‑22167) affecting Jira Software Data Center and Server has been disclosed. The flaw allows authenticated users (with low privilege) to write files to any path on the host that the JVM process can access, posing serious risks of tampering, remote code execution or data corruption. What the Vulnerability Does: The […]