Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
Mar 24, 2025Ravie LakshmananVulnerability / Cloud Security A set of five critical…
Critical flaw in Next.js lets hackers bypass authorization
A critical severity vulnerability has been discovered in the Next.js open-source web…
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Mar 21, 2025Ravie LakshmananMalware / Cyber Attack Two known threat activity clusters…
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a…
10 Critical Network Pentest Findings IT Teams Overlook
Mar 21, 2025The Hacker NewsNetwork Security / Vulnerability After conducting over 10,000…
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
Mar 21, 2025Ravie LakshmananRansomware / BYOVD The threat actors behind the Medusa…
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Mar 21, 2025Ravie LakshmananThreat Hunting / Vulnerability Threat hunters have uncovered a…
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
Mar 21, 2025Ravie LakshmananCyber Attack / Vulnerability Two now-patched security flaws impacting…
CISA tags NAKIVO backup flaw as actively exploited in attacks
CISA has warned U.S. federal agencies to secure their networks against attacks…