Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click"…
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
More than 40,000 new vulnerabilities (CVEs) were published in 2024 alone. More…
A Security-First Approach to Closing Vulnerability Windows
Patching vulnerabilities is one of the most basic principles of cybersecurity —…
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
May 14, 2025Ravie LakshmananVulnerability / Malware Samsung has released software updates to…
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
May 07, 2025Ravie LakshmananVulnerability / Web Security A second security flaw impacting…
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
May 06, 2025Ravie LakshmananCybersecurity / Vulnerability A recently disclosed critical security flaw…
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Apr 28, 2025Ravie LakshmananWeb Application Security / Vulnerability Threat actors have been…
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
Apr 18, 2025Ravie LakshmananWindows Security / Vulnerability The U.S. Cybersecurity and Infrastructure…
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
Apr 17, 2025Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure…