Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
Aug 21, 2025Ravie LakshmananVulnerability / Software Security Commvault has released updates to…
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Aug 20, 2025Ravie LakshmananVulnerability / Browser Security Popular password manager plugins for…
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
Jul 29, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure…
200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
Cybersecurity researchers have uncovered a new campaign in which the threat actors…
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click"…
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Jun 12, 2025Ravie LakshmananVulnerability / Software Security ConnectWise has disclosed that it's…
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
May 30, 2025Ravie LakshmananVulnerability / Data Breach ConnectWise, the developer of remote…
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial…
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
May 25, 2025Ravie LakshmananThreat Intelligence / Software Security Cybersecurity researchers have disclosed…