A severe security vulnerability has been discovered in SUSE Manager that allows unauthenticated attackers to execute arbitrary commands with root privileges through an exposed websocket endpoint. The vulnerability, tracked as CVE-2025-46811, has been assigned a critical CVSS score of...

A zero-day vulnerabilities in two discontinued network devices, demonstrating the persistent security risks posed by end-of-life hardware. The team won runner-up for "Most Innovative Exploitation Technique" at DistrictCon's inaugural Junkyard competition in February 2025, showcasing how abandoned devices become...

A critical zero-day vulnerability in CrushFTP has been disclosed, allowing attackers to achieve remote code execution without authentication. The vulnerability, tracked as CVE-2025-54309, has received a maximum CVSS score of 9.8 and affects the software's DMZ proxy functionality. Security...

Palo Alto Networks announced a definitive agreement to acquire CyberArk Software for approximately $25 billion, marking the cybersecurity giant's formal entry into Identity Security and establishing it as a core pillar of their multi-platform strategy. The acquisition combines CyberArk's...

A cybercriminal group known as Tsar0Byte has allegedly claimed responsibility for breaching Nokia's internal network systems, potentially exposing sensitive data belonging to more than 94,500 employees. The incident, reported across various dark web forums including DarkForums, represents one of...

Apple released a comprehensive set of security updates on July 29, 2025, addressing vulnerabilities across its entire ecosystem of devices and operating systems. The latest updates include critical patches for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, with particular...