SonicWall has issued an urgent security warning following a dramatic surge in cyberattacks targeting Gen 7 firewalls with SSL VPN enabled over the past 72 hours. The company is actively investigating whether these incidents stem from a previously disclosed...

MediaTek has disclosed three critical security vulnerabilities in its August 2025 Product Security Bulletin that affect a wide range of chipsets used in smartphones, tablets, and IoT devices. These out-of-bounds write vulnerabilities enable local privilege escalation attacks, potentially compromising...

A critical SQL injection vulnerability affecting the widely-used ADOdb PHP database abstraction library has been discovered and patched, posing significant security risks to applications using the SQLite3 driver. The vulnerability, tracked as CVE-2025-54119, carries the maximum CVSS score of...

A critical vulnerability in Streamlit's file upload feature that could enable attackers to execute cloud account takeover attacks on misconfigured instances. The vulnerability, which client-side file type restrictions, was exploited in a proof-of-concept demonstration showing how financial market dashboards...

A sophisticated technique that can bypass most Web Application Firewalls (WAFs) to execute Cross-Site Scripting (XSS) attacks, revealing significant vulnerabilities in widely-used cybersecurity defenses. The research, conducted during an autonomous penetration test, demonstrated that parameter pollution combined with JavaScript...

The attack, dubbed "LegalPwn," was revealed in groundbreaking research by AI security firm Pangea and represents a significant evolution in prompt injection techniques that exploit the fundamental compliance programming of large language models. A sophisticated new cyberattack has been discovered...