Despite Cisco’s warnings, many ASA/FTD firewalls remain vulnerable. Simultaneously, threat actors claim they breached Red Hat’s GitLab instance. This article merges both crisis points and guides the fixes.
South Korea’s cybersecurity faces unprecedented strain after months of continuous data breaches across public and private sectors, revealing deep governance and policy flaws.
WireTap shows how a passive DDR4 interposer can recover Intel SGX attestation keys under physical access. The attack reframes trust in SGX-based services and demands stronger physical and cryptographic safeguards.
Despite enabling safety filters, child accounts on TikTok have received explicit content suggestions via search. This investigation reveals algorithmic failures and urges stronger oversight for youth protection.
CometJacking abuses browser WebSockets to hijack user connections, turning them into proxy nodes with a single click. The exploit marks a new wave of malware-less attacks that rely on web technologies rather than traditional payloads.
A third-party customer support vendor connected to Discord suffered a data breach that exposed personal information. Attackers accessed the vendor’s ticketing system and obtained names, email addresses, usernames, and in some cases scanned government-issued IDs. Crucially, Discord confirmed that its internal infrastructure remained unaffected. Nevertheless, the event underscores the risks created when organizations depend on…
Detour Dog has transitioned into DNS-powered malware operations. Its latest campaign distributes Strela Stealer through TXT-encoded commands and modular backdoors. This evolution marks a new wave of protocol abuse challenging traditional network defense.
A newly disclosed Grafana vulnerability is under active exploitation, with attackers targeting enterprise dashboards and infrastructure. Security teams must apply patches immediately.
CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.
CISA has listed CVE-2025-4008, a remote code execution bug in MeteoBridge devices, signaling active exploitation and urging immediate patching.