South Korea’s Cybersecurity Under Fire After Another Major Breach
South Korea’s cybersecurity faces unprecedented strain after months of continuous data breaches across public and private sectors, revealing deep governance and policy flaws.
Category: vulnerability
Read More
Beyond Speculation: Physical DDR4 Tap Undercuts SGX Security
WireTap shows how a passive DDR4 interposer can recover Intel SGX attestation keys under physical access. The attack reframes trust in SGX-based services and demands stronger physical and cryptographic safeguards.
CometJacking Turns Browser Sessions into Covert Proxy Channels
CometJacking abuses browser WebSockets to hijack user connections, turning them into proxy nodes with a single click. The exploit marks a new wave of malware-less attacks that rely on web technologies rather than traditional payloads.
Discord Support Partner Compromised, Users’ Details Exposed
A third-party customer support vendor connected to Discord suffered a data breach that exposed personal information. Attackers accessed the vendor’s ticketing system and obtained names, email addresses, usernames, and in some cases scanned government-issued IDs. Crucially, Discord confirmed that its internal infrastructure remained unaffected. Nevertheless, the event underscores the risks created when organizations depend on…
Grafana Users Urged to Patch Critical Exploit Affecting Dashboards
A newly disclosed Grafana vulnerability is under active exploitation, with attackers targeting enterprise dashboards and infrastructure. Security teams must apply patches immediately.
CVE-2025-10547: DrayOS WebUI Flaw Allows Hackers Full Control
CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.